I am trying to learn PHP and want to use a function to protect a form against SQL injection!
But somehow the form records into my db every piece of data that contains special chars like ‘”=)/()/*/
My filter function:
function filter($data) {
    // Remove tags, convert HTML special chars to entities, trim whitespace
    $data = trim(htmlentities(strip_tags($data)));
    // Undo automatic slash-escaping if magic_quotes_gpc is on
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }
    // Escape quotes and other characters for the legacy mysql extension
    $data = mysql_real_escape_string($data);
    return $data;
}
Register page to get the POST data:
foreach ($_POST as $key => $value) {
    $data[$key] = filter($value);
}
Then I try special characters and the form saves them! What am I doing wrong?
If you want to protect against SQL injection, the best approach is to use PDO and prepared queries, where all user-provided data is passed in via execute(), like this:

You do not have to perform any manipulation on $a or $b; PDO will bind the parameters the right way, no matter which database you are using.
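A complete register handler built the way the answer describes, added here as an example (it is not the answerer's code or the asker's project). It uses an in-memory SQLite database so it runs offline; the users table, its columns, the function names and the sample input standing in for $_POST are all assumptions for the demo. It also shows why special characters being stored is the expected outcome: with placeholders they arrive in the table unchanged, and a value that merely looks like SQL is compared as a plain string.

```php
<?php
// Added example: registering a user through PDO prepared statements.
// The DSN, table and column names are assumptions for this demo.

function connect(): PDO {
    // sqlite::memory: keeps the example self-contained; a real app would use
    // its MySQL/PostgreSQL DSN and credentials here.
    $pdo = new PDO('sqlite::memory:');
    // Surface driver errors as exceptions instead of silent false returns.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, bio TEXT)');
    return $pdo;
}

function registerUser(PDO $pdo, string $username, string $bio): int {
    // The SQL text contains only placeholders. The values never become part
    // of the query string, so no escaping is needed at the database layer;
    // htmlentities() belongs at output time, not before storage.
    $stmt = $pdo->prepare('INSERT INTO users (username, bio) VALUES (:username, :bio)');
    $stmt->execute([':username' => $username, ':bio' => $bio]);
    return (int) $pdo->lastInsertId();
}

function findUser(PDO $pdo, string $username): ?array {
    $stmt = $pdo->prepare('SELECT id, username, bio FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input standing in for $_POST from the register form.
$post = [
    'username' => "o'neil",
    'bio'      => "‘”=)/()/*/ special characters from the question",
];

$pdo = connect();
$id  = registerUser($pdo, $post['username'], $post['bio']);

// The quote in the username and the characters in the bio round-trip
// unchanged: that is correct behaviour, not a sign of a missing filter.
$row = findUser($pdo, "o'neil");
echo "stored row #{$id}: " . var_export($row, true) . "\n";
echo "bio stored verbatim: " . ($row['bio'] === $post['bio'] ? 'yes' : 'no') . "\n";

// A lookup value containing SQL syntax is bound as a string, so the WHERE
// clause compares username against that literal text and matches nothing.
$probe = findUser($pdo, "' OR 1=1 --");
echo "SQL-looking value matched a row: " . ($probe === null ? 'no' : 'yes') . "\n";
```

With the MySQL driver you would normally also set PDO::ATTR_EMULATE_PREPARES to false so the server, not the client library, performs the parameter binding; the SQLite driver used above ignores that attribute, which is why the example leaves it out.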