09-29-2007, 03:13 AM
#14
The Wanderer
Join Date: Sep 2007
Location: Sydney, Australia
Posts: 19
Thanks: 0
Quote:
Originally Posted by CMellor
I think I'm gonna use that function you have in method 1 on my project. Currently I use:
PHP Code:
<?php
// Escapes for SQL first, then for HTML, so the stored value is already HTML-encoded.
function escape($str) {
return htmlspecialchars(mysql_real_escape_string($str));
}
?>
Yours seems safer...
It seems OK; the only problem is with the output: you'll need to run html_entity_decode if you've got HTML in there that you need to work in the browser.
In regards to my earlier post, yeah, I didn't mean to put the quotes in. Also, using the typecast means you can check it beforehand, saving a query:
PHP Code:
<?php
// Cast first: anything that is not a positive integer ends up as 0 or negative.
$id = (int)$_GET['id'];
if ($id > 0) {
    // query
} else {
    echo "You're not what I expected!";
}
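The typecast check from the post above, as an added example that is not code from the original thread: the cast-based validator is run over constructed sample values standing in for $_GET['id'], next to a stricter filter_var-based variant (an assumption of this example, not something the post proposes) that refuses inputs such as "42abc" instead of silently truncating them. The function names id_by_cast, id_strict and query_for are made up for this example.

```php
<?php
// Added example: integer-ID validation by typecast, as described in the post,
// exercised on constructed inputs. Not code from the original thread.

// The post's approach: cast, then accept only positive values.
// Returns the id as int, or null if it should be rejected.
function id_by_cast($raw)
{
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Stricter alternative (assumed for this example): FILTER_VALIDATE_INT only
// accepts a well-formed decimal integer, so "42abc", "007" and "1 OR 1=1"
// are rejected rather than truncated to a leading number.
function id_strict($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Build the query only after validation. Because $id is an int by then,
// no string escaping is involved in the query at all.
function query_for($id)
{
    return 'SELECT * FROM items WHERE id = ' . $id;
}

// Constructed sample values standing in for $_GET['id'].
$samples = ['42', ' 42', '42abc', 'abc', '0', '-5', '1 OR 1=1', "7' OR '1'='1", '007'];

printf("%-18s %-8s %-8s\n", 'input', 'cast', 'strict');
foreach ($samples as $raw) {
    $a = id_by_cast($raw);
    $b = id_strict($raw);
    printf("%-18s %-8s %-8s\n",
        var_export($raw, true),
        $a === null ? 'reject' : $a,
        $b === null ? 'reject' : $b);
}

// Same control flow as the post, applied to one of the hostile samples.
$id = id_by_cast('1 OR 1=1');
if ($id !== null) {
    echo query_for($id), "\n";
} else {
    echo "You're not what I expected!\n";
}
```

Run it with `php example.php`. The two columns show the trade-off: the plain cast never lets non-numeric text into the query (the injection attempts collapse to the integer 1 or 7), but it also accepts malformed values by truncating them, so an application that wants to treat "42abc" as an error rather than as 42 needs the stricter check.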