Functionality:
This is a simple function that filters dangerous characters from a string before it is inserted into a database.
Sample Usage:
$sql = "INSERT INTO `comments` (`id`, `datetime`, `user_comment`) VALUES (NULL, '2006-11-09 11:13:56', '".prepareData($comment)."')";
// After that, execute the SQL query using your database function, e.g. $status = mysql_query($sql);
Language:
PHP
Source Code:
/**
 * Prepare data for inserting to database or
 * other database related operation.
 *
 * @param string $textData
 * @return string prepared text for database operation
 */
function prepareData($textData)
{
    // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // Magic Quote was ON - remove extra slashes
        $textData = stripslashes($textData);
    }

    // Prepare html data for database usage: quotes and HTML special
    // characters become entities (backslashes are left unchanged)
    $preparedData = htmlentities($textData, ENT_QUOTES);

    return $preparedData;
}
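An added example, not part of the original snippet: htmlentities() leaves backslashes unchanged, so it works as an HTML output encoder rather than an SQL escaper. The code below stores the raw comment through a bound parameter and encodes it only when rendering. It assumes PDO with the pdo_sqlite extension, an in-memory SQLite database standing in for MySQL, and the hypothetical helpers saveComment() and loadComment().

```php
<?php
// Added example (not the page's code). Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for the MySQL server.

// Hypothetical helper: insert a comment using bound parameters.
function saveComment(PDO $db, string $comment): int
{
    // Placeholders keep the value out of the SQL text entirely,
    // so no character in $comment can change the statement.
    $stmt = $db->prepare(
        'INSERT INTO comments ("datetime", user_comment) VALUES (:dt, :comment)'
    );
    $stmt->bindValue(':dt', date('Y-m-d H:i:s'), PDO::PARAM_STR);
    $stmt->bindValue(':comment', $comment, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Hypothetical helper: read a comment back by id.
function loadComment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT user_comment FROM comments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return (string) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE comments (id INTEGER PRIMARY KEY, "datetime" TEXT, user_comment TEXT)'
);

// Constructed sample input: quotes, markup and a trailing backslash.
$comment = 'It\'s "quoted" <b>bold</b> and ends with \\';

$id = saveComment($db, $comment);
$stored = loadComment($db, $id);

// Compare the stored value with the original input.
var_dump($stored === $comment);

// Encode for HTML at output time, not before storage.
echo htmlentities($stored, ENT_QUOTES, 'UTF-8'), "\n";
```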
License:
Free for any purposes.
