Thread: SQL Injection.. is it really that simple?
View Single Post
  #8 (permalink)  
Old 01-21-09, 08:35 AM
End User's Avatar
End User End User is offline
Level II Curmudgeon
  
Join Date: Dec 2004
Posts: 3,027
Thanks: 14
Thanked 35 Times in 33 Posts
Quote:
Originally Posted by therocket954 View Post
That is fantastic. Thanks End User.

I've been using a combination of preg_match(), mysql_real_escape_string(), and a bunch of if statements... this is much cleaner
You're welcome, and I'm glad you like it. I can't take full credit for it, however- I started with some code scavenged from CodeIgniter and added some additional tweaks, checks, and functionality. I think it's reasonably safe. If someone can find a way to spoof that function, I'd be proud to have them hijack my server and make it part of their botnet. .
__________________
I don't live on the edge, but sometimes I go there to visit.
-------------------------------------------------------------------------
Sanitize Your Data | Oracle Date & Substring Functions | Code Snippet Library | [url=http://www.codmb.com/Call Of Duty[/url]