Function to sanitize PHP input values

I use this:

function safeClean($n)
{
    $n = trim($n);

    if(get_magic_quotes_gpc())
    {
        $n = stripslashes($n);
    } 

    $n = mysql_escape_string($n);
    $n = htmlentities($n);

    return $n;
}

To prevent any type of MySQL input or something like that. Whenever I use it to wrap around $_POST, I do the following:

$username = safeClean($_POST['user']);
$password = md5(safeClean($_POST['password']));
$vpassword = md5(safeClean($_POST['verify']));
$email = safeClean($_POST['email']);

It doesn’t even work, but I connected the .php functions, and the directory is correct, but it doesn’t work at all, because it just shows a blank page... If I remove safeClean() from every $_POST it works.

Why does this not work at all?

+3
3 answers

Try using mysql_real_escape_string(), not mysql_escape_string().

+4

, - . , (, PDO) - SQL. ...

, , , . , , , , . - , , , , . , - .

+7

.

get_magic_quotes_gpc , htmlentities , "" .

, - . .
, SQL-: PHP htmlspecialchars() ?

. , . : : http://www.ibm.com/developerworks/library/os-debug/

ini_set('display_errors',1);
error_reporting(E_ALL);

and this code to execute the request:

$result = mysql_query($query);
if (!$result) trigger_error(mysql_error());
+2
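
Added example, not code from the question or from any answer above: the answers mention PDO and htmlspecialchars(), and this sketch shows the same registration fields handled per context, with values bound as SQL parameters when stored and HTML-encoded only when displayed, instead of one function doing both. The `users` table, the in-memory SQLite DSN and the function names are assumptions made for illustration, and password_hash() is swapped in for the md5() call in the question.

```php
<?php
// Added example; table, column and function names are hypothetical.
// Constructed setup: in-memory SQLite so the script runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, email TEXT)');

// Store: values are bound as parameters, never escaped or HTML-encoded first.
function registerUser(PDO $pdo, array $post): void
{
    $username = trim((string)($post['user'] ?? ''));
    $email    = trim((string)($post['email'] ?? ''));
    $password = (string)($post['password'] ?? '');   // hashed exactly as typed
    $verify   = (string)($post['verify'] ?? '');

    if ($username === '' || $password === '' || $password !== $verify) {
        throw new InvalidArgumentException('Missing field or passwords differ');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }

    $stmt = $pdo->prepare('INSERT INTO users (username, pw_hash, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
}

// Display: HTML-encode only at the point of output.
function renderUser(PDO $pdo, string $username): string
{
    $stmt = $pdo->prepare('SELECT username, email FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such user</p>';
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<p>' . $e($row['username']) . ' &lt;' . $e($row['email']) . '&gt;</p>';
}

// Constructed sample input standing in for $_POST.
$post = ['user' => "O'Brien <b>", 'password' => 'p&ss"word', 'verify' => 'p&ss"word',
         'email' => 'obrien@example.com'];
registerUser($pdo, $post);
echo renderUser($pdo, "O'Brien <b>"), "\n";
```

The quote and angle brackets in the sample username are stored unchanged and only become entities in the rendered HTML, so the database keeps the original value and the password hash is computed over what the user actually typed.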

Source: https://habr.com/ru/post/1749275/

