
Php function to format the input values before inserting to the Db tables

Thursday, November 25, 2010



Given below is a simple PHP function that formats input values for the database in order to avoid SQL injection.



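function formatInput($str_value){
    // Function to format strings in a query.
    // get_magic_quotes_gpc() was removed in PHP 8, so only call it where it exists.
    $magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    // Escape quotes here only if magic quotes has not already done so.
    $str_value = (!$magic_quotes_on) ? addslashes($str_value) : $str_value;
    $str_value = trim($str_value);
    // Wrap non-empty values in single quotes; empty input becomes SQL NULL.
    $str_value = ($str_value != "") ? "'" . $str_value . "'" : "NULL";
    return $str_value;
}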


As you can see, the function checks whether the server's magic quotes feature is on; if it is not, it adds slashes to the single and double quotes. If magic quotes is on, the input value passed to the function will already have its single and double quotes escaped with a backslash.

Before the value is returned, a single quote is prepended and appended to the text.



SAMPLE USAGE


$myQry=" SELECT * FROM TBL_INVENTORY WHERE PURCHASE_CODE = ".formatInput($purchase_code);
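
An added example, not code from the original post: the same lookup written with a PDO prepared statement, so the value is sent separately from the SQL text and needs no addslashes() or magic-quotes handling. It assumes the pdo_sqlite extension and a constructed in-memory table; normalizeInput() and findByPurchaseCode() are hypothetical names, and the empty-input branch uses IS NULL because a comparison with "= NULL" never matches a row.

```php
<?php
// Constructed in-memory table; table and column names follow the page's sample query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE TBL_INVENTORY (ID INTEGER PRIMARY KEY, PURCHASE_CODE TEXT, ITEM TEXT)');
$pdo->exec("INSERT INTO TBL_INVENTORY (PURCHASE_CODE, ITEM) VALUES
    ('PC-1001', 'Keyboard'), ('O''Neil-7', 'Monitor'), (NULL, 'Uncoded stock')");

/**
 * Hypothetical helper: same normalisation as formatInput() (trim, empty => NULL),
 * but the value is returned raw for binding instead of being quoted into SQL text.
 */
function normalizeInput($value): ?string
{
    $value = trim((string) $value);
    return $value === '' ? null : $value;
}

/** Hypothetical helper: look up items by purchase code using a bound parameter. */
function findByPurchaseCode(PDO $pdo, $purchaseCode): array
{
    $code = normalizeInput($purchaseCode);
    if ($code === null) {
        // Empty input maps to NULL, which must be tested with IS NULL.
        $stmt = $pdo->query('SELECT ITEM FROM TBL_INVENTORY WHERE PURCHASE_CODE IS NULL');
    } else {
        // The placeholder keeps the value out of the SQL grammar entirely.
        $stmt = $pdo->prepare('SELECT ITEM FROM TBL_INVENTORY WHERE PURCHASE_CODE = ?');
        $stmt->execute([$code]);
    }
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain code, a code containing a quote,
// a value made of quote characters and SQL keywords, and whitespace only.
foreach (["PC-1001", "O'Neil-7", "x' OR '1'='1", "   "] as $input) {
    printf("%-16s => %s\n", var_export($input, true),
        json_encode(findByPurchaseCode($pdo, $input)));
}
```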





