<?php
function sanitize($value)
{
if(get_magic_quotes_gpc())
{ $value = stripslashes($value);
} else {
$value = $value; }
mysql_real_escape_string($value);
return $value;
}?>
Its something I slapped together....do you guys think it makes good sense as a function?
I've put together a useful function for form field validation that uses regular expressions to check fields against certain types. The code is a bit large to chuck on here, so I'll post the link to the page explaining how to use it:
woocha wrote:Its something I slapped together....do you guys think it makes good sense as a function?
Looks OK to me, other than the indentation is esthetically unpleasing to me. :p
There is pretty much no point in assigning $value to $value though, so you can just leave out the else block.
Was the mysql_real_escape_string function there the first time around? I don't see you setting $value to the result of that function. I didn't think you could pass a variable to it by reference. Can you?
So to consolidate the suggestions, I think it could be condensed down to:
<?php
function sanitize($value)
{
if(get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
return mysql_real_escape_string($value);
}
?>
NogDog;10882522 wrote:Looks OK to me, other than the indentation is esthetically unpleasing to me. :p
Yeah...I wrote it in notepad and then copied it into the forum
<?php
function sanitize($value)
{
if(get_magic_quotes_gpc())
{ $value = stripslashes($value);
} return mysql_real_escape_string($value);
} ?>
what are you trying to do here !!
you strip slashes to just add it again later .. !!!!!!!!
what a logic !
what are you trying to do here !
Escape input to be passed to a MySQL database.
you strip slashes to just add it again later .. !
stripslashes() and mysql_real_escape_string() do slightly different things, but enough for it to be problematic to use the former to escape input meant to be passed to a MySQL database.
what a logic !
Recall that mysql_real_escape_string() takes things like the database locale into account.