SQL-injection-free script


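/**
 * Escape a value so it can be embedded inside a quoted MySQL string literal.
 *
 * Strings, numerics and null are passed to mysql_real_escape_string() when
 * that function is available, otherwise to mysql_escape_string(). Arrays are
 * escaped element by element, booleans become 0/1, and any other type raises
 * E_USER_ERROR.
 *
 * Security notes for callers:
 * - The return value is escaped but NOT quoted. It only protects the query
 *   when it is placed between quotes ('...') in the SQL text. Used bare, as a
 *   number, identifier, or after ORDER BY / LIMIT, escaping does not prevent
 *   injection; validate or cast such values instead.
 * - mysql_real_escape_string() escapes for the connection's character set.
 *   That is only reliable if the charset was set through the client API
 *   (mysql_set_charset()) rather than a "SET NAMES" query.
 * - mysql_escape_string() ignores the connection charset entirely and is the
 *   weaker fallback.
 * - The mysql_* extension was removed in PHP 7.0. New code should use
 *   prepared statements with bound parameters (PDO or mysqli) rather than
 *   string escaping.
 *
 * @param mixed $var Value to escape; defaults to the empty string.
 * @return mixed Escaped string, array of escaped values, int for booleans,
 *               or false when the value cannot be escaped safely.
 */
function Quote($var = '')
{
    if (is_string($var) || is_numeric($var) || is_null($var)) {
        if (function_exists('mysql_real_escape_string')) {
            // Charset-aware escaping; needs an open MySQL connection.
            $escaped = mysql_real_escape_string($var);
        } elseif (function_exists('mysql_escape_string')) {
            // Legacy fallback for very old PHP builds; not charset-aware.
            $escaped = mysql_escape_string($var);
        } else {
            // Fail closed: returning the raw value here would hand unescaped
            // input to whoever builds the query.
            trigger_error('No MySQL escaping function available in DB quote', E_USER_WARNING);
            return false;
        }

        if ($escaped === false) {
            // The escape call fails when no connection is usable. The original
            // hid this behind "@", so callers silently interpolated false
            // (an empty string) into their SQL.
            trigger_error('MySQL escaping failed in DB quote', E_USER_WARNING);
        }

        return $escaped;
    }

    if (is_array($var)) {
        // NOTE(review): $this implies this snippet was lifted from a class
        // method; pasted as a free function this branch cannot run. Array keys
        // are preserved but not escaped; do not use them in SQL text.
        return array_map(array($this, 'Quote'), $var);
    }

    if (is_bool($var)) {
        return (int) $var;
    }

    // Objects, resources, etc. are rejected rather than stringified.
    trigger_error('Invalid type passed to DB quote ' . gettype($var), E_USER_ERROR);
    return false;
}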
