Hi all,
I used to use
$name = mysql_real_escape_string($name);
to clean information to store in my database on php 5.4
Now I am using php 5.6 and it seams to be a problem.
I was given this code to replace mysql_real_escape_string...
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
The only problem is that I do not understand the code or how to use it.
Is there an easier way to clean information and stop SQL injection?