Home/ Questions/Q 9187805
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T19:51:50+00:00

I have make a simple function for security prevent from sql injection and XXS

  • 0

I have make a simple function for security prevent from sql injection and XXS
here is my code, any suggestion for this? Is this good enough for security?

function mres($input){
    if(get_magic_quotes_gpc()){
        $input=stripslashes($input);    
    }
    $input=htmlentities($input, ENT_COMPAT, 'UTF-8');
    return mysql_real_escape_string($input);
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is wrong in at least two ways:

    1. Turn of magic_quotes completely if you can. At least you are not using it, but $input may not be scalar
    2. htmlentities is for display, not storage. Never encode for storage!
    3. mysql_* functions are deprecated. There is no guarantee you will have an open mysql connection (required) when you call it either.

    https://www.php.net/manual/en/function.mysql-real-escape-string.php

    • 0