Thursday, July 28, 2011

A simple and useful function for escaping user inputs.

After some testing I have developed a function for escaping user inputs. The escaped values can be used directly for inserting into the database. It has been working fine for me for the last few years.

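// Escapes a request value before it is placed in a query.
// Depends on get_magic_quotes_gpc() (removed in PHP 8.0) and on
// mysql_real_escape_string() (mysql_* extension, removed in PHP 7.0),
// which uses the last link opened by mysql_connect().
function safe_escape($string)
{
    if (get_magic_quotes_gpc()) {
        // magic_quotes_gpc has already added backslashes to the input
        $string = htmlentities($string);
    } else {
        // escape SQL metacharacters for the current connection
        $string = mysql_real_escape_string($string);
        $string = htmlentities($string);
    }
    return $string;
}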
