SQL Injection Prevention - Is this shooting for the heart?

DigitalBuilder · Mar 28, 2006

http://www.logic.school.nz/

<?
function pstr($Name) {
global $$Name;
if (!empty($$Name)) {
return str_replace("'","''",$$Name);
}
if (!empty($_GET[$Name])) {
return str_replace("'","''",$_GET[$Name]);
}
elseif (!empty($_POST[$Name])) {
return str_replace("'","''",$_POST[$Name]);
}
else { return null; }
}
?>

<?
function pint($Name) {
global $$Name;
if (!empty($$Name)) {
if (is_numeric($$Name)) {
return $$Name;
}
else {
die(pintMailError());
}
}
elseif (!empty($_GET[$Name])) {
if (is_numeric($_GET[$Name])) {
return $_GET[$Name];
}
else {
die(pintMailError());
}
}
elseif (!empty($_POST[$Name])) {
if (is_numeric($_POST[$Name])) {
return $_POST[$Name];
}
else {
die(pintMailError());
}
}
else { return null; }
}
?>

BabyJeffy · Mar 29, 2006

Could you maybe put a question together to go with your thread?

Cheers,
Jeff

[tt]Jeff's Page @ Code Couch

http://www.codecouch.com/jeff/

http://www.codecouch.com/jeff/blog/

[/tt]

What is Javascript? FAQ216-6094

DigitalBuilder · Mar 29, 2006

It's ideas to control SQL Injection at the root source: where its injected

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

SQL Injection Prevention - Is this shooting for the heart?

DigitalBuilder

Programmer

BabyJeffy

Programmer

DigitalBuilder

Programmer

Similar threads

Part and Inventory Search

Sponsor