Glotzfisch.de

found at php.net, prevents SQL Attacks through entry fields

 function quote_smart($value)
 {
   // Stripslashes
   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }
   // Quote if not a number or a numeric string
   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
 }

This entry was posted on Thursday, 11. January 2007 at 10:46 and is filed under PHP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback (Guckstu hier) from your own site.