A very handy PHP function that is easily portable and applicable, authored by Neil Masters @ codedb.co.uk.
Pass in any value, e.g.:
$bob = checkSQL($_POST['email']);
And simply include the following:
function checkSQL($value) {
    // Characters and SQL keywords to reject; the trailing "i" makes the match case-insensitive.
    $banned = "(!|\"|#|'|<|>|=|insert|update|select|alter|drop|input|from)i";
    // Returns false if the value contains a banned item, true otherwise.
    if (preg_match($banned, $value)) {
        return false;
    } else {
        return true;
    }
}
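The following is an added example, not Neil Masters' code: it runs a case-insensitive copy of checkSQL over constructed e-mail addresses to show which legitimate values the keyword list rejects, then stores the same values through a PDO prepared statement, where the value is bound as data and never becomes part of the SQL text. It assumes the pdo_sqlite extension is available; the subscribers table and its email column are hypothetical.

```php
<?php
// Added example. Assumes pdo_sqlite; table and column names are hypothetical.

// Copy of the page's function with the variable name fixed.
function checkSQL($value) {
    $banned = "(!|\"|#|'|<|>|=|insert|update|select|alter|drop|input|from)i";
    return !preg_match($banned, $value);
}

// Constructed sample inputs: every one is a syntactically valid address.
$samples = [
    "alice@example.com",
    "o'brien@example.com",   // apostrophe is legal in the local part
    "updates@example.com",   // contains the keyword "update"
    "info@fromage.example",  // contains the keyword "from"
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subscribers (email TEXT NOT NULL)');

// The :email placeholder is bound at execute time, so quotes and
// keywords inside the value cannot change the statement's structure.
$insert = $pdo->prepare('INSERT INTO subscribers (email) VALUES (:email)');

foreach ($samples as $email) {
    $verdict = checkSQL($email) ? 'accepted' : 'rejected';

    // Validate what the field should be (an e-mail address), not what
    // SQL looks like, then hand the value to the prepared statement.
    $stored = false;
    if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $insert->execute([':email' => $email]);
        $stored = true;
    }

    printf("%-22s checkSQL: %-8s stored: %s\n",
           $email, $verdict, $stored ? 'yes' : 'no');
}

// Read the rows back to confirm the values were stored unchanged.
foreach ($pdo->query('SELECT email FROM subscribers') as $row) {
    echo "row: {$row['email']}\n";
}
```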