Posted by Dave Kelly on 05/13/07 23:26
Mike P2 wrote:
 > ?>
 >
 > Let's assume you made $_REQUEST['name'] and $describe11 safe for the
 > file system.
 > ?>
 > You should make that
 > variable safe for the file system before using it, though.
 
 To isolate a question. I have searched for make variable safe and this
 is what I found. Is this what you intended by the above statements?
 
 <?php //quote-smart.php
 // Quote variable to make safe
 function quote_smart($value) {
     // Stripslashes
     if (get_magic_quotes_gpc()) {
         $value = stripslashes($value);
     }
     // Quote if not integer
     if (!is_numeric($value) || $value[0] == '0') {
         $value = "'" . mysql_real_escape_string($value) . "'";
     }
     return $value;
 }
 ?>
 
 
 --
 A little rum in the morning coffee. Just to clear the cobwebs, ya know.
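
Added example, not part of the original post: quote_smart() above escapes a value for use inside a MySQL query, which is a different problem from making a value safe to use as a file name. One way to do the latter, assuming PHP 7.1 or later; safe_filename(), safe_upload_path() and the sample inputs are hypothetical names constructed for illustration.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

/**
 * Reduce an untrusted value to a single safe file name component.
 * Returns null when nothing usable is left.
 */
function safe_filename(string $raw, int $maxLen = 64): ?string
{
    // Drop NUL bytes and any directory part, for both separator styles.
    $name = str_replace("\0", '', $raw);
    $name = basename(str_replace('\\', '/', $name));

    // Allow-list: letters, digits, dot, underscore, hyphen.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);

    // No leading dots (hidden files, "." and ".."), bounded length.
    $name = substr(ltrim($name, '.'), 0, $maxLen);

    return $name === '' ? null : $name;
}

/**
 * Build a path under $baseDir and confirm it cannot resolve elsewhere.
 */
function safe_upload_path(string $baseDir, string $raw): ?string
{
    $name = safe_filename($raw);
    $base = realpath($baseDir);
    if ($name === null || $base === false) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $name;
    // The file may not exist yet, so verify the parent directory instead.
    if (realpath(dirname($path)) !== $base) {
        return null;
    }
    return $path;
}

// Constructed sample inputs standing in for $_REQUEST['name'].
$samples = ['report.txt', '../../etc/passwd', "a\0.php", '..', 'my file?.jpg'];
foreach ($samples as $in) {
    var_dump(safe_filename($in));
}
```

The function rejects or rewrites input instead of escaping it, because the file system has no quoting syntax that would make an arbitrary string harmless.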