I have a function that checks user input and wanted to know if it protects against all attacks of this sort. Also, if I wanted to include this function on each page that needed it, could I put it in a PHP page of its own and then `include()` it into those pages where it's required? Thanks.
    // Escapes a single value for use inside a quoted MySQL string literal.
    // Note: mysql_real_escape_string() needs an open mysql_connect() connection,
    // otherwise it returns false.
    function secure_data($value)
    {
        // Undo the automatic escaping done by magic_quotes_gpc so the value
        // is not escaped twice.
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        // Prefer the MySQL-aware escaper; fall back to addslashes() when the
        // mysql extension is not loaded.
        if (function_exists("mysql_real_escape_string")) {
            $value = mysql_real_escape_string($value);
        } else {
            $value = addslashes($value);
        }
        return $value;
    }
Since you're using quotes, I'm assuming that your main question is how to protect against SQL injection, if I'm not mistaken. (Note: securing against SQL injection is something else than securing against, for example, Cross Site Scripting, and it will not guarantee you a secure application.)
The best solution for SQL injection is not to use this function, but to use prepared statements with either mysqli or PDO.
(See: How can I prevent SQL injection in PHP? )
Other interesting links:
Background information on SQL injection:
https://www.owasp.org/index.php/SQL_Injection
Other validation:
http://www.faqs.org/docs/gazette/superglobals.html
Input validation from OWASP:
https://www.owasp.org/index.php/Input_Validation
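To make the answer's recommendation concrete, here is an added example (not code from the question or the answer) that puts the escaping approach's failure mode next to a prepared statement. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the table, rows and attacker input are constructed for the example, and the DSN, `users` table and function names are assumptions. A mysqli variant is included as a function only, since it needs a live MySQL connection.

```php
<?php
// Added example: string concatenation vs. prepared statements.
// PDO + SQLite in memory so it runs offline. For MySQL only the DSN changes, e.g.
//   new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass);
// and it is worth setting PDO::ATTR_EMULATE_PREPARES to false so the MySQL
// server, not the driver, does the parameter binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)");
$db->exec("INSERT INTO users (username, email) VALUES
           ('alice', 'alice@example.com'),
           ('bob',   'bob@example.com')");

// Constructed attacker input: the single quote closes the string literal and
// the rest becomes SQL that is always true.
$attackerInput = "nobody' OR '1'='1";

// Vulnerable: the input is pasted into the SQL text, so the quote breaks out
// of the literal and the WHERE clause matches every row.
function find_user_unsafe(PDO $db, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the SQL text is fixed when the statement is prepared; the value is
// sent separately and is never parsed as SQL, so quotes inside it are data.
function find_user_safe(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT username FROM users WHERE username = :username");
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Same thing with mysqli (assumed connection $conn from new mysqli(...)).
// Not called here because it needs a MySQL server; get_result() requires mysqlnd.
function find_user_safe_mysqli(mysqli $conn, string $username): array
{
    $stmt = $conn->prepare("SELECT username FROM users WHERE username = ?");
    $stmt->bind_param('s', $username);   // 's' = bind as string
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_NUM);
}

print_r(find_user_unsafe($db, $attackerInput));
print_r(find_user_safe($db, $attackerInput));
```

Running it, the unsafe function returns both users for the attacker's input, while the prepared statement looks for a user literally named `nobody' OR '1'='1` and returns nothing. The difference is that the escaping function in the question only works when every value is also wrapped in quotes in the query (it does nothing for a numeric `WHERE id = $id`), whereas a prepared statement keeps query text and data apart regardless of how the query is written.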