Published in: PHP
Pass a user-inputted variable to this function in order to prevent SQL injection. Example:
mysql_query("INSERT INTO table VALUES('" . sql_sanitize($_POST["variable"]) . "')");
Instead of:
mysql_query("INSERT INTO table VALUES('" . $_POST["variable"] . "')");
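The same INSERT written with a bound parameter instead of string concatenation, as an added example that is not part of the original snippet (the mysql_* functions used above were removed in PHP 7.0). The `entries` table, the `insert_value` helper and the sample inputs are assumptions, and in-memory SQLite through PDO stands in for the database so the script runs offline.

```php
<?php
// Added example: the table `entries`, its column `value`, the helper
// insert_value() and the sample inputs are hypothetical.
// In-memory SQLite (pdo_sqlite) is used only so the script runs offline;
// the same prepare()/execute() calls work with the PDO MySQL driver.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (value TEXT)');

/**
 * Insert one user-supplied value through a bound parameter.
 * The SQL text is fixed; the input travels separately as data,
 * so quotes inside it cannot change the statement.
 */
function insert_value(PDO $pdo, string $input): void
{
    $stmt = $pdo->prepare('INSERT INTO entries (value) VALUES (:value)');
    $stmt->execute([':value' => $input]);
}

// Constructed inputs standing in for $_POST["variable"].
$samples = [
    "plain text",
    "O'Reilly",                      // a legitimate value containing a quote
    "x'); DROP TABLE entries; --",   // input that breaks a concatenated query
];

foreach ($samples as $input) {
    insert_value($pdo, $input);
}

// Every input is stored verbatim as a row, and the table still exists.
$rows = $pdo->query('SELECT value FROM entries')->fetchAll(PDO::FETCH_COLUMN);
foreach ($rows as $row) {
    echo $row, PHP_EOL;
}
echo count($rows), " rows stored", PHP_EOL;
```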