PHP FUNCTION TO HELP PREVENT SQL INJECTION

SQL injection or SQLi is a common technique used to hack into a website. Using the below code can help you prevent it.

PHP

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

function clean($input)   {   if (is_array($input))   {   foreach ($input as $key => $val)   {   $output[$key] = clean($val);   // $output[$key] = $this->clean($val);   }   }   else   {   $output = (string) $input;   // if magic quotes is on then use strip slashes   if (get_magic_quotes_gpc())   {   $output = stripslashes($output);   }   // $output = strip_tags($output);   $output = htmlentities($output, ENT_QUOTES, 'UTF-8');   }   // return the clean text   return $output;   }

Syntax

1 2 3 4 5

<?php $text = "<script>alert(1)</script>"; $text = clean($text); echo $text; ?>

Had we not used the clean function above, the page would have popped up an alert box.