Re: Applying quote_smart() to Arrays

Posted by Jerry Stuckle on 10/09/07 11:42

ashore wrote:
> Guys, I'm adapting the ..._deep() approach to apply it to $_GET and/or
> $_POST arrays as follows, as a lazy way to clean up input before
> posting it to the database - to prevent SQL injections.
>
> function quote_smart_deep($value) {
>     // recursive array-capable version of quote_smart
>     $value = is_array($value) ? array_map('quote_smart_deep', $value) : quote_smart($value);
>     return $value;
> }
>
> Anyone see any reason for this not to work? Thanks, all.
>
> -AS
>

If you're working with a mysql database, use mysql_real_escape_string()
on strings. That's what it's there for (in part, anyway).

And verify that numeric values are actually numeric.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
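
Added example, not part of the original posts: one way to combine the recursive walk from the question with the per-type handling advised in the reply, so that numeric fields are validated rather than escaped. The helper name clean_input(), the field names and the sample request are hypothetical, and addslashes is only a stand-in escaper so the script runs without a database connection.

```php
<?php
// Hypothetical helper: walk a $_GET/$_POST-style array recursively.
// Fields named in $intFields (dot paths) must be integers; every other
// scalar is treated as a string and passed through $escape.
// Returns [clean values, paths of rejected fields].
function clean_input(array $input, array $intFields, callable $escape, string $path = ''): array
{
    $clean = [];
    $errors = [];
    foreach ($input as $key => $value) {
        $here = $path === '' ? (string)$key : "$path.$key";
        if (is_array($value)) {
            [$clean[$key], $sub] = clean_input($value, $intFields, $escape, $here);
            $errors = array_merge($errors, $sub);
        } elseif (in_array($here, $intFields, true)) {
            // Numeric context: validate, do not escape.
            $int = filter_var($value, FILTER_VALIDATE_INT);
            if ($int === false) {
                $errors[] = $here;      // reject instead of passing it on
            } else {
                $clean[$key] = $int;
            }
        } else {
            $clean[$key] = $escape((string)$value);
        }
    }
    return [$clean, $errors];
}

// Constructed sample request; 'id' and 'filter.page' are meant to be
// used unquoted in a query, the other fields inside quotes.
$request = [
    'id'     => '1 OR 1=1',
    'name'   => "O'Brien",
    'filter' => ['page' => '2', 'tag' => "x' --"],
];

// Stand-in escaper (assumption). With a live connection, pass the
// connection's own function instead, e.g. [$mysqli, 'real_escape_string'].
$escape = 'addslashes';

// Blanket escaping leaves the 'id' value untouched: it has no quote characters.
var_dump($escape($request['id']) === $request['id']);

[$clean, $errors] = clean_input($request, ['id', 'filter.page'], $escape);
print_r($clean);    // validated integers and escaped strings
print_r($errors);   // paths that failed integer validation
```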

 
