Saud Iqbal
 

SQL filter function script

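Protect your input fields with this SQL injection prevention script. It strips every character that is not on a per-type allow-list, so treat it as input validation to use alongside prepared statements (bound parameters), not as a replacement for them.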


/**
 * Strip every character from $input that is not on the allow-list for $type.
 *
 * Allow-lists:
 *   - 'Text'        a-z, A-Z, 0-9 and whitespace (\s)
 *   - 'TextArea'    a-z, A-Z, 0-9, whitespace (\s), '.' and '?'
 *   - 'Numbers'     0-9
 *   - 'NumbersDash' 0-9 and '-'
 *   - any other value is handled exactly like 'Text'
 *
 * Security note: this is input validation, not query escaping. The result may
 * be empty or not shaped the way the target column expects, so pass it to the
 * database as a bound parameter of a prepared statement instead of
 * concatenating it into SQL, and escape it for the output context when it is
 * rendered.
 *
 * @param mixed $input Value to clean; handed unchanged to preg_replace().
 * @param mixed $type  Allow-list name, matched with loose (==) comparison.
 * @return mixed Whatever preg_replace() returns for $input.
 */
function filter($input, $type)
{
    // Shared by 'Text' and by every unrecognised type.
    $fallback = '/[^a-zA-Z0-9\s]/i';

    $allowLists = [
        'Text'        => $fallback,
        'TextArea'    => '/[^a-zA-Z0-9\s\.\?]/i',
        'Numbers'     => '/[^0-9]/i',
        'NumbersDash' => '/[^0-9\-]/i',
    ];

    $pattern = $fallback;
    foreach ($allowLists as $name => $candidate) {
        // Loose comparison is deliberate: it selects the first name that
        // $type == matches, in the order listed above.
        if ($type == $name) {
            $pattern = $candidate;
            break;
        }
    }

    // Everything matched by the negated character class is removed.
    return preg_replace($pattern, '', $input);
}

// Demo: run the same raw value through two different allow-lists.
// NOTE(review): $string is not defined in this snippet; presumably it holds
// the raw user input. Confirm where it is set.
// The filtered value is only printed here; when it goes into a query it
// should still be bound as a prepared-statement parameter.
$Message = filter($string, "TextArea");
echo "Filtered TextArea: {$Message}";

$Message = filter($string, "Numbers");
echo "Filtered Numbers: {$Message}";
