Tag Archives: escape

Sanitizing $_POST and $_GET

Hey,
Well I haven't posted something PHP related for quite a few days now so I thought I'd show you something I use in every single script that I write that involves form submissions or URL data.
It is important to escape (sanitize) all data from forms that may be used in a mysql database query.
If you use some other database type, the function can easily be modified.

Place this code at the top of all your pages (maybe via an include):

        if(!function_exists(mysql_real_escape_array))
                {
        function mysql_real_escape_array($t)
                        {
        return array_map("mysql_real_escape_string",$t);
                        }
                }

        mysql_real_escape_array($_GET);
        mysql_real_escape_array($_POST);
 

It will automatically sanitize all your $_POST (from forms) and $_GET (URL data) to help prevent SQL injections.

Be aware though, that this is just one precaution you should take when inserting data into a mysql database.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]