
Revision: 19832
at November 1, 2009 12:47 by jmiller

Initial Code
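/**
 * Convert a PHP value into a literal that can be substituted into a MySQL
 * statement built by mysql_safe_query().
 *
 * Security notes for anyone reusing this helper:
 *  - Escaping only protects values that land in a *value* position. It does
 *    not make table names, column names, ORDER BY directions or other SQL
 *    keywords safe; those must come from a fixed allow-list, not from input.
 *  - mysql_real_escape_string() escapes according to the connection character
 *    set, so the charset has to be set with mysql_set_charset(), not with a
 *    "SET NAMES" query, or multi-byte input can defeat the escaping.
 *  - ext/mysql was removed in PHP 7.0. Prepared statements (mysqli or PDO)
 *    are the supported replacement and do not rely on escaping at all.
 *
 * @param mixed $value null, string, int, float, or an array of those.
 * @return mixed 'NULL' for null/false/'' and for an empty array; a quoted and
 *               escaped literal for strings; the number itself for ints and
 *               finite floats; a comma-separated list for arrays (for use
 *               inside IN (...)); false when the value cannot be represented
 *               safely, in which case the caller must not run the query.
 */
function mysql_safe_string($value) {
    // The original used empty(), which also turned 0, 0.0 and '0' into NULL
    // and so silently changed the data written. Only "no value" maps to NULL.
    if ($value === null || $value === false || $value === '') {
        return 'NULL';
    }

    if (is_string($value)) {
        // Strings are always quoted, numeric-looking ones included, so the
        // escaped text can never be read as SQL syntax.
        $escaped = mysql_real_escape_string(trim($value));
        if ($escaped === false) {
            // Escaping failed (e.g. no usable connection): fail closed rather
            // than emit an empty literal in place of the caller's data.
            return false;
        }
        return '\'' . $escaped . '\'';
    }

    if (is_int($value) || is_float($value)) {
        // INF and NAN would be rendered as bare words inside the statement.
        if (is_float($value) && !is_finite($value)) {
            return false;
        }
        return $value;
    }

    if (is_array($value)) {
        if (count($value) === 0) {
            return 'NULL'; // same result the original empty() test produced
        }
        $parts = array();
        foreach ($value as $item) {
            $safe = mysql_safe_string($item);
            if ($safe === false) {
                // One unrepresentable element invalidates the whole list;
                // implode() would otherwise turn it into an empty slot.
                return false;
            }
            $parts[] = $safe;
        }
        return implode(',', $parts);
    }

    // true, objects, resources: nothing safe to emit.
    return false;
}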

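/**
 * Build a MySQL statement from a printf-style template and run it.
 *
 * Every argument after $format is converted with mysql_safe_string() and then
 * substituted into $format with vsprintf().
 *
 * Usage constraints that the protection depends on:
 *  - $format must be a fixed string written by the developer. Anything
 *    concatenated into it bypasses the escaping entirely.
 *  - Use bare %s placeholders. String values arrive already quoted, so
 *    writing '%s' in the template would double the quotes.
 *  - A literal percent sign (for example in a LIKE pattern) must be written
 *    as %% in $format.
 *  - ext/mysql was removed in PHP 7.0; on current PHP use prepared statements
 *    (mysqli or PDO) instead of this helper.
 *
 * @param string $format Statement template with one placeholder per value.
 * @param mixed  ...     Values to substitute, in placeholder order.
 * @return mixed Whatever mysql_query() returns, or false when a value could
 *               not be converted or the template could not be filled in.
 */
function mysql_safe_query($format) {
    $safe_args = array();
    foreach (array_slice(func_get_args(), 1) as $arg) {
        $literal = mysql_safe_string($arg);
        if ($literal === false) {
            // An unconvertible value used to be substituted as an empty
            // string and the altered statement was still sent to the server.
            return false;
        }
        $safe_args[] = $literal;
    }

    $query = vsprintf($format, $safe_args);
    if ($query === false) {
        // Fewer values than placeholders: nothing valid to send.
        return false;
    }

    return mysql_query($query);
}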

Initial URL

Initial Description

Initial Title
mysql_safe_query to prevent SQL injection

Initial Tags
mysql, sql, query

Initial Language