Published in: PHP

This little function helps fight a common security issue, SQL injection. It can sanitize any global variable such as $_POST, $_GET, $_SERVER, etc., and escape unsafe characters.
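```php
// Recursively clean a string, or every element of an array of strings.
function _clean($str) {
    if (is_array($str)) {
        return array_map('_clean', $str);
    }
    // get_magic_quotes_gpc() was removed in PHP 8.0, so only call it where it still exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    // Encode HTML special characters (both quote types included), then double any backslashes.
    return str_replace("\\", "\\\\", htmlspecialchars($str, ENT_QUOTES));
}

// Usage: call it somewhere near the beginning of your script.
// _clean() returns the cleaned value, so the result has to be assigned back.
$_POST = _clean($_POST);
$_GET = _clean($_GET);
$_REQUEST = _clean($_REQUEST); // and so on...
```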
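Added example, not part of the original snippet: `_clean()` only rewrites quotes, backslashes and HTML special characters, so the code below handles the two concerns separately, binding input as PDO parameters for SQL and calling `htmlspecialchars()` only when writing output. It assumes the pdo_sqlite extension; the table, column and variable names are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example. Requires the pdo_sqlite extension.
// Table, column and variable names are hypothetical; sample inputs are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Stand-ins for $_POST['name'] and $_GET['id'] (constructed values).
$rawName = "O'Brien <admin>";
$rawId   = '1';

// Write path: the raw value is bound as a parameter, so it is never parsed as SQL
// and is stored unmodified (no HTML entities or doubled backslashes in the database).
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute([':name' => $rawName]);

// Read path: validate the expected type first, then bind the value as an integer.
$id = filter_var($rawId, FILTER_VALIDATE_INT);
if ($id === false) {
    http_response_code(400);
    exit('Invalid id');
}
$select = $db->prepare('SELECT name FROM users WHERE id = :id');
$select->bindValue(':id', $id, PDO::PARAM_INT);
$select->execute();
$name = $select->fetchColumn();
if ($name === false) {
    http_response_code(404);
    exit('No such user');
}

// Output path: HTML-encode at the moment the value is written into a page.
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;

// The value read back from the database is still the original string.
var_dump($name === $rawName);
```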
