clone89 (clone89) wrote in ru_php,

SQL-injection

Hi, what do you think of this way of filtering out all sorts of nasties?
function quote_smart($value)
{
    // Characters that are stripped from the input
    $str_what = array ("'","\"","/","\\","|","`","(",")","-","=","+","*","&","^","%","$","#","@",";",":");
    $value = str_replace ($str_what,"",$value);
    return $value;
    unset ($str_what,$value); // never reached: it follows the return
}
if (isset ($_GET['id'])) {
    $id = $_GET['id'];
    $id = quote_smart ($id);
}
/* database queries follow */

I know about mysql_real_escape_string, but I'm interested in this particular approach; what do you think?
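An added example, not part of the original post: it runs the posted filter next to integer validation and bound parameters, so the difference shows on the same inputs. The `users` table, the `parse_id` helper, the sample values and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for the illustration.

```php
<?php
// Added example, not the poster's code. Table and column names are made up.

// The poster's filter, reproduced so the two approaches can be compared.
function quote_smart($value)
{
    $str_what = array("'", "\"", "/", "\\", "|", "`", "(", ")", "-", "=", "+", "*",
                      "&", "^", "%", "$", "#", "@", ";", ":");
    return str_replace($str_what, "", $value);
}

// Whitelist validation (hypothetical helper): a positive decimal integer or null.
function parse_id($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

// Constructed in-memory database (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Bound parameters store the value byte for byte; no characters need stripping.
$insert = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
$insert->execute(array(':name' => "O'Brien", ':email' => 'ob@example.com'));

// Constructed sample inputs for the id parameter.
foreach (array('1', '-5', '1 OR 1', "1'") as $raw) {
    $filtered = quote_smart($raw);
    $id = parse_id($raw);
    printf("raw=%-9s filtered=%-9s validated=%s\n",
           var_export($raw, true), var_export($filtered, true), var_export($id, true));
    if ($id === null) {
        continue; // reject the request instead of trying to repair the input
    }
    $select = $db->prepare('SELECT name, email FROM users WHERE id = :id');
    $select->bindValue(':id', $id, PDO::PARAM_INT);
    $select->execute();
    print_r($select->fetch(PDO::FETCH_ASSOC));
}

// The filter also damages legitimate data that the bound insert kept intact.
var_dump(quote_smart("O'Brien"), quote_smart('ob@example.com'));
```

The filter strips no letters, digits or spaces, so `1 OR 1` comes out unchanged, and `-5` silently becomes `5`; validation rejects both, and the bound query never treats the value as SQL text.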