TalkPHP
Home Forums Articles Glossary Awards Register Rules Members Search Today's Posts Mark Forums Read
 
 
 
Account Login
Latest Articles
» The basic usage of PHPTAL, a XML/XHTML template library for PHP
by awuehr on 11-10-2008 in Tips & Tricks
» Vulnerable methods and the areas they are commonly trusted in.
by Village Idiot on 11-04-2008 in Classes & Objects
» Simple way to protect a form from bot
by codefreek on 10-23-2008 in Basic
» The Basics On: How Session Stealing Works
by wiifanatic on 09-12-2008 in Security & Permissions
» How to keep your forms from double posting data
by drewbee on 07-03-2008 in Tips & Tricks
IRC Channel
IRC Speech Bubble Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.
Associates
Associates
CSS Tutorials
TalkPHP > Developer Forums > Script Giveaway » Safe MySQL Parse Function
 
 
LinkBack Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
Old 11-30-2007, 12:21 PM   #1 (permalink)
La Vida es Sueño
Advanced Programmer Top Contributor 
 
Wildhoney's Avatar
 
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
Wildhoney is on a distinguished road
Application Safe MySQL Parse Function
This is the function I use when constructing MySQL statements. It allows you to pass in any argument into the function and it will return it back to you all nice and safe.

As the function automatically quotes strings for you, there's no need to quote them in your statement. So for a string I wouldn't need to add the quotes around %s. It would be like so:

php Code:
sprintf("SELECT * FROM myTable WHERE myColumn = %s", mysql_parse_values($szItem));

The same goes for integers. The function, however, won't add quotes to an integer. The function even checks for the presence of the ever-annoying GPC, and acts accordingly based on its state.

php Code:
function mysql_parse_value($mValue, $bStripTags = true, $bAllowableTags = null)
{
    if (is_array($mValue))
    {
        return
    }
    
    if (get_magic_quotes_gpc())
    {
        $mValue = stripslashes($mValue);
    }
         
    if ($bStripTags)
    {
        $mValue = strip_tags($mValue, $bAllowableTags);
    }
        
    if (!is_numeric($mValue))
    {
     $mValue = "'" . mysql_real_escape_string($mValue) . "'";
    }

    return $mValue;
}
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
Send a message via AIM to Wildhoney Send a message via MSN to Wildhoney Send a message via Yahoo to Wildhoney
Wildhoney is offline   		Reply With Quote
The Following 2 Users Say Thank You to Wildhoney For This Useful Post:
Gurnk (11-30-2007), ReSpawN (12-07-2007)
 

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 05:04 PM.

 
     
Contact Us - TalkPHP - PHP Community - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Inactive Reminders By Icora Web Design