William Jiang

JavaScript,PHP,Node,Perl,LAMP Web Developer – http://williamjxj.com; https://github.com/williamjxj?tab=repositories

PHP/MySQL: Anti-SQL Injection Function

Anti-SQL Injection Function

Here are an example about PHP/MySQL Anti-SQL Injection:

function cleanuserinput($dirty){
 if (get_magic_quotes_gpc()) {
  $clean = mysql_real_escape_string(stripslashes($dirty));
  $clean = mysql_real_escape_string($dirty);
 return $clean;
// Now the data $clean can be used for MySQL DB operation.

Following things can be done for preventing your PHP Form from Hijacking

1. Make register_globals to off to prevent Form Injection with malicious data.
2. Make Error_reporting to E_ALL (in php script: error_reporting(E_ALL) at the top) so that all variables will be intialized before using them.
3. Make practice of using htmlentities(), htmlspecialchars(), strip_tags(), utf8_decode() and addslashes() for filtering malicious data in php
4. Make practice of using mysql_real_escape_string() in mysql.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: