I find for just numbers type_digit() works great combined with addslashes() but what about for a mixture, to prevent SQL injection?
No performance hit with this I shouldn't have thought.
[QUOTE=Tehim;1562084]The preg_replace was to just try and cover some of the sql injection that mysql_real_escape_string and htmlentities doesn't cover.[/QUOTE] More filters or escaping will NOT improve the escaping of a variable. In fact it does the opposite - makes the filter less secure. (an example of this was an XSS injection …