The ultimate clean/secure function

忘掉有多难 2020-11-22 03:11

I have a lot of user inputs from $_GET and $_POST... At the moment I always write mysql_real_escape_string($_GET['var'])..

I

7 answers
  • 2020-11-22 03:50
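    <?php
    // Clean a string for display: drop backslashes, remove tags, HTML-encode the rest.
    function sanitizeString($var)
    {
        $var = stripslashes($var);
        $var = strip_tags($var);
        $var = htmlentities($var);
        return $var;
    }
    
    // Clean a string, then escape it for use inside a quoted SQL string literal.
    function sanitizeMySQL($connection, $var)
    {
        $var = sanitizeString($var);
        // Escape last: stripslashes() above would otherwise remove the
        // backslashes that real_escape_string() adds.
        $var = $connection->real_escape_string($var);
        return $var;
    }
    ?>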
    
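An added example, not part of the original question or answers: handling the same input per context, with a bound parameter for the SQL statement and HTML encoding only at output, compared against the stripslashes/strip_tags/htmlentities chain from the answer above. It assumes PDO with the pdo_sqlite driver (an in-memory database so the script runs offline; the same prepare()/execute() pattern applies to MySQL), and the names `storeName`, `fetchName` and `h` are hypothetical.

```php
<?php
// Assumption: PDO + pdo_sqlite, in-memory database; stands in for a MySQL connection.
// Constructed input standing in for $_POST['name'].
$input = "O'Reilly <b>& Sons</b>\\";

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');

// SQL context: the raw value travels as a bound parameter, never as SQL text.
function storeName(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO customers (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function fetchName(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name FROM customers WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// HTML context: encode when the value is written into a page, not before storage.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$stored = fetchName($pdo, storeName($pdo, $input));
// True when the database holds exactly what was submitted (quote, tags, backslash).
var_dump($stored === $input);
// Encoded form, suitable for an HTML element body or quoted attribute.
echo h($stored), PHP_EOL;
// The catch-all chain alters the data itself before it is ever stored.
$mangled = htmlentities(strip_tags(stripslashes($input)));
var_dump($mangled === $input);
```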