Prevent SQL injection

30.Aug.2010

To prevent SQL injection, we should clean our input first, and only then use the parameters we got. To clean input that came from the user, use the function “clean” from the following snippet:

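// Escapes a user-supplied value for use in a query.
// Requires an open mysql connection. Both get_magic_quotes_gpc() and the
// mysql_* functions were removed in later PHP versions (8.0 and 7.0).
function clean( $input ) {
	// If magic quotes already added slashes, strip them to avoid double escaping.
	if (get_magic_quotes_gpc()) return mysql_real_escape_string( stripslashes( $input ) );
	else return mysql_real_escape_string( $input );
}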
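
Escaping of this kind only protects a value that ends up inside a quoted SQL string. The following added example (not code from the original post) places an escaped value in an unquoted numeric position, next to the same lookup done with a bound parameter. It assumes PDO with the SQLite driver so it runs without a server; escape_like_mysql(), the two find_by_id_* functions, the users table and the input value are constructed for illustration.

```php
<?php
// Added example, not from the original post. All names and data are constructed.

// Stand-in for mysql_real_escape_string(): escapes the same characters,
// but needs no database connection (assumption made for this demo).
function escape_like_mysql(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Weak form: the escaped value is concatenated into an unquoted numeric
// context, where escaping quotes and backslashes does nothing useful.
function find_by_id_escaped(PDO $db, string $id): array {
    $sql = "SELECT name FROM users WHERE id = " . escape_like_mysql($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the query text is fixed and the value is sent as a bound
// parameter, so it is only ever compared as data.
function find_by_id_bound(PDO $db, string $id): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed request parameter: it contains no quote or backslash,
// so the escaping function leaves it untouched.
$input = "1 OR 1=1";

echo "unchanged by escaping: ", var_export(escape_like_mysql($input) === $input, true), "\n";
echo "escaped + concatenated: ", json_encode(find_by_id_escaped($db, $input)), "\n";
echo "bound parameter:        ", json_encode(find_by_id_bound($db, $input)), "\n";
```

With the concatenated query the input changes the WHERE clause itself; with the bound parameter the whole string is compared against the id column as a single value.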