SELECT * FROM example WHERE sd ="stripslashes($_POST['Company_name'])";
In this case, does stripslashes() protect from SQL injection?
Please help.
Thanks in advance for your help.

regards
red fox
<?php
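// Emulates the legacy magic_quotes_gpc behaviour for $_POST: when magic quotes
// are not active, every string value in $_POST is passed through addslashes().
//
// NOTE(security): addslashes() is not a SQL-injection defence. It is unaware of
// the database connection's character set and does nothing for values placed
// in a query without quotes. Build queries with prepared statements and bound
// parameters (PDO or mysqli) instead of relying on this blanket escaping.
// Escaping all input up front also alters the data for every non-SQL use
// (HTML output, e-mail, logging).
//
// get_magic_quotes_gpc() was removed in PHP 8.0, so the function_exists()
// guard keeps this from being a fatal error there; a missing function is
// treated as "magic quotes off".
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
    if (is_array($_POST)) {
        // array_walk_recursive() replaces the each()/list() loops (each() was
        // removed in PHP 8.0) and reaches arrays nested at any depth, so an
        // array is never handed to addslashes().
        array_walk_recursive(
            $_POST,
            function (&$value) {
                // Only strings are escaped; other leaf types are left as-is.
                if (is_string($value)) {
                    $value = addslashes($value);
                }
            }
        );
    }
}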
?>
<?php
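// Emulates the legacy magic_quotes_gpc behaviour for $_GET, $_POST and
// $_COOKIE: when magic quotes are unavailable or off, every string value in
// those arrays is passed through addslashes().
//
// NOTE(security): addslashes() is not a SQL-injection defence. It is unaware of
// the database connection's character set and does nothing for values placed
// in a query without quotes. Build queries with prepared statements and bound
// parameters (PDO or mysqli) instead of relying on this blanket escaping.
// Escaping all input up front also alters the data for every non-SQL use
// (HTML output, e-mail, logging).
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
    // Escapes one leaf value in place; non-string leaves are left as-is.
    $addSlashesToLeaf = function (&$value) {
        if (is_string($value)) {
            $value = addslashes($value);
        }
    };

    // The superglobals must be placed in the list BY REFERENCE. Listing them
    // by value, as array($_GET, $_POST, $_COOKIE), hands the loop copies, so
    // the escaping would be applied to the copies and then discarded.
    $inputSources = array(&$_GET, &$_POST, &$_COOKIE);

    foreach ($inputSources as &$inputSource) {
        if (is_array($inputSource)) {
            // Walks nested arrays at any depth, so an array is never handed
            // to addslashes().
            array_walk_recursive($inputSource, $addSlashesToLeaf);
        }
    }

    // Drop the loop reference and helpers so later code cannot write to a
    // superglobal through a leftover reference variable.
    unset($inputSource, $inputSources, $addSlashesToLeaf);
}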
?>