0
<?php

class Database {

public function protect($data){
		
		$data = trim($data);
		$data = stripslashes($data);
		$data = strip_tags($data);
		$data = mysql_real_escape_string($data);
		return $data;
	}

}

$database = new Database();
$txt = '<strong>\\\Test///</strong>';
$txt = $database->protect($txt);
echo $txt;

And output have a <strong> tag, slashes and all with zero errors.
I try and different way to structure the function:

public function protect($data){
		
		trim($data);
		stripslashes($data);
		strip_tags($data);
		mysql_real_escape_string($data);
		return $data;
	}

But the output is the same :(
Where is my wrong?
If anyone know more good way to secure the mysql let share. Thanks for all ideas

Edited by gorleone: n/a

2
Contributors
1
Reply
2
Views
6 Years
Discussion Span
Last Post by diafol
1

If anyone know more good way to secure the mysql let share. Thanks for all ideas

Use PDO.

As a quick debug:

public function protect($data){
		$data = trim($data);
                echo "TRIM: $data<br />";
		$data = stripslashes($data);
                echo "SSLASH: $data<br />";
		$data = strip_tags($data);
		echo "STAGS: $data<br />";
                $data = mysql_real_escape_string($data);
		echo "MRES: $data<br />";
                return $data; 
}
Votes + Comments
Good and clean
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.