Sanatize Form Inputs - A simple PHP funciton
Whenever you have a form on your website, and you are putting that data into a MySQL database, you have to take some precautions. People can inject SQL queries from the form, and you can’t let people do that. Just imagine if someone injected a DROP TABLE statement.
It’s not difficult to make it so that people can’t do this. to make it simple, here is a PHP function I wrote that I use in all my scripts:
function clean($input){
global $your_mysql_connection_goes_here;
if(get_magic_quotes_gpc()) { $input = stripslashes($input); }
$input = mysqli_real_escape_string($cxn,$input);
return $input;
} ?>
This prevents people from being able to use SQL injections on you. I include in it all of my scripts, and so should you.