PHPBuilder - Escape data before its entered in a mysql database



RSS Twitter
Tips Databases

Escape data before its entered in a mysql database

by: Dave Kiely
|
February 9, 2007

I use this function when I am inputting data into a mysql database. It will insure that the data entered is inputted in a safe manner.

<?php 
//Takes the data and returns the the escaped data 
function escData ($data) { 
   global $dbc; 
   if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); }  
   return mysql_real_escape_string($data, $dbc); 
} 

$sql = "INSERT INTO `tableName` (`name`) VALUES ('$someValue')"; 

$insert= mysql_query(escData($sql)); 
?> 

Comment and Contribute

Your comment has been submitted and is pending approval.

Author:
Dave Kiely

Comment:



Comment:

(Maximum characters: 1200). You have characters left.