Although the development has taken a great deal of up-gradation in the last few years with DevOps, frameworks, automation etc. etc. etc. but still there are a number of people who still prefer the old way. Moreover, if you are starting new of just creating a college project or something like that it’s still cool to use the core PHP.
The inputs in Core PHP are venerable to what you call “SQL Injection”, to before putting them to use it’s a mandatory practice to sanitize them. Below is the function you can use for the same. It’s simple, straight forward and easy to use.
Using the function is simple all you have to do is make sure that it needs mysql_connection links to function. Please make sure you provide it. Remaining is nothing to worry about.
/**
* protecting the input form the SQL injection and script injection.
* @param $data
* @return mixed
*/
public function sanitizer ($data)
{
if (!empty($data)) {
foreach ($data as $key => $dataValue) {
if (empty($dataValue)) {
continue;
}
$dataValue = strip_tags($dataValue);
$data[$key] = mysql_real_escape_string($dataValue, $this->link);
}
}
return $data;
}
$object = new Class();
$sanitizedGetArray = $object->sanitizer($_GET);
$sanitizedPostArray = $object->sanitizer($_POST);
If you have some other things to add to this function feel free to comment, I am still learning too you know.