Simple way to use mysql sanitizer function in php

17 Sep

If you don’t know yet, mysql_real_escape_string() is the PHP function that sanitizes a given string for MySQL queries so as to prevent SQL injection.

But it's irritating to type it every time you want to sanitize a value.
So, let's lighten the burden.

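// Shorthand wrapper: escapes $var for use inside a quoted MySQL string literal.
// Requires an open mysql_* connection (ext/mysql, removed in PHP 7.0).
function __($var){
	return mysql_real_escape_string($var);
}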

By using this function, you just need to put the variable inside __():

$sql="SELECT * FROM `new` WHERE title='".__($_POST['title'])."'";
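The same lookup written with PDO prepared statements, as an added example that is not part of the original post: mysql_real_escape_string() was deprecated in PHP 5.5 and removed in PHP 7.0, and escaping only protects values that sit inside quotes in the query. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the function names find_by_title and find_by_id and all sample rows and inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumption: SQLite in-memory stands in for MySQL so the script runs offline;
// for MySQL only the DSN changes (a 'mysql:host=...;dbname=...' DSN).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows in a table named like the post's `new`.
$db->exec('CREATE TABLE `new` (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO `new` (title) VALUES ('First post'), ('It''s a title')");

// String value: bound as a parameter, so quotes in $title never reach the SQL text.
function find_by_title(PDO $db, string $title): array
{
    $stmt = $db->prepare('SELECT id, title FROM `new` WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric value: escaping does not help where the value is not quoted,
// so validate the type first and bind it as an integer.
function find_by_id(PDO $db, $id): array
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, title FROM `new` WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: two legitimate titles and one carrying SQL metacharacters.
foreach (["First post", "It's a title", "x' OR '1'='1"] as $title) {
    printf("title %-16s => %d row(s)\n", $title, count(find_by_title($db, $title)));
}
// Constructed ids: a valid integer and a string that is not one.
foreach (["2", "1 OR 1=1"] as $id) {
    printf("id    %-16s => %d row(s)\n", $id, count(find_by_id($db, $id)));
}
```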

Thanks for visiting
