addslashes should be enough, and put quotes around your strings in the SQL.
At 14:58 18-12-02 +0100, Anders Thoresson wrote:
Would this function do the trick?
<?php
// validate.php - functions that validate form input
function validate_string($unsafe_string) {
    // create array containing bad words
    $badwords = array(";","--","select","drop","insert","xp_","delete");
    $goodwords = array(":","---","choose","leave","add"," ","remove");
    // check for occurrences of $badwords and replace each with its counterpart
    for($i=0; $i<7; $i++) {
        $unsafe_string = str_replace("$badwords[$i]",
            "$goodwords[$i]","$unsafe_string");
    }
    // escape quotes, backslashes and NUL bytes, then strip surrounding whitespace
    $unsafe_string = AddSlashes($unsafe_string);
    $unsafe_string = trim($unsafe_string);
    $safe_string = $unsafe_string;
    Return $safe_string;
}
?>
Br,
Anders
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
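
An added example, not part of the original thread and not either poster's code: it runs the quoted validate_string filter on ordinary form input to show how the word replacement alters legitimate text, next to a query that binds the same input as a parameter. It assumes a current PHP with PDO and the pdo_sqlite extension; the table, column and input string are constructed.

```php
<?php
// Added example, not from the thread. Table name, column and input are constructed.

// The filter from the quoted message, kept only for comparison.
function validate_string($unsafe_string) {
    $badwords  = array(";", "--", "select", "drop", "insert", "xp_", "delete");
    $goodwords = array(":", "---", "choose", "leave", "add", " ", "remove");
    $replaced  = str_replace($badwords, $goodwords, $unsafe_string);
    return trim(addslashes($replaced));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed, legitimate form input containing a quote and listed words.
$input = "O'Brien: please select the drop-down; don't delete it";

// String value: bound to a placeholder, never concatenated into the SQL text.
$insert = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$insert->execute(array(':body' => $input));

// Numeric value: validate the type first, then bind it as an integer.
$id = filter_var('1', FILTER_VALIDATE_INT);
if ($id === false) {
    exit("id must be an integer\n");
}
$select = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
$select->bindValue(':id', $id, PDO::PARAM_INT);
$select->execute();
$stored = $select->fetchColumn();

echo "after validate_string: ", validate_string($input), "\n";
echo "stored via bound param: ", $stored, "\n";
echo "stored text unchanged: ", var_export($stored === $input, true), "\n";
```

The filtered string comes back with its wording changed and backslashes added, while the bound parameter stores the input byte for byte.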