CSI: PHP

"Looking at your tweets I cannot even fathom what your job is. CSI:PHP?" — @grmpyprogrammer

More Fun With Database Input Filtering

| Comments

And I thought prepString() was the pinnacle of awesome.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

<?php

/* addslashes_mssql and stripslashes_mssql enable us to read from MS SQL Server 
(as opposed to other databases, where the PHP built-in functions addslashes() 
and stripslashes() work for MySQL and others
    */

function addslashes_mssql($str) {
    if (is_array($str)) {
        foreach ($str AS $id => $value) {
            $str[$id] = addslashes_mssql($value);
        }
    } else {
        $str = str_replace("'", "''", $str);
    }
    return $str;
}

function stripslashes_mssql($str) {
    if (is_array($str)) {
        foreach ($str AS $id => $value) {
            $str[$id] = stripslashes_mssql($value);
        }
    } else {
        $str = str_replace("''", "'", $str);
    }
    return $str;
}

Comments