How Updated is this Anti SQl

[Forean]

Like title says How Updated is this Anti SQL

PHP Code:

<?
//Anti SQL injection.
function antisql($sql)
{
// Remove words that contain SQL syntax
$sql = preg_replace(sql_regcase("/(from|update|set|character|clan|account|name|opened|serverstatus|indexcontent|account|level|select|insert|delete|where|drop table|show tables|#|\|*|--|\\\\)/"),"",$sql); //Replaces some parts of a SQL query with absolutely nothing.
$sql = trim($sql); //antisqls up spaces
$sql = strip_tags($sql);//Php and html tags strip
$sql = addslashes($sql);//Adds backslashes to one string
$sql = stripcslashes($sql); //Un-quote string quoted with addcslashes
//$sql = stripslashes($sql); //Un-quotes a quoted string
$sql = htmlspecialchars($sql); //Convert special characters to HTML entities
//$sql = quotemeta($sql); //Quote meta characters
return $sql;
}
?>

[MentaL]

[Torsen]

Do you even know what a SQL injection is==

[Guy]

This sample doesn't stop SQL injection in MSSQL.

[Forean]

Do you even know what a SQL injection is==

yes i do actualy. i wanted to know if this was a good anti for it. a friend sent to me and i wanted to know if it was.

[Guy]

There haven't been any new disclosures for SQL injection relating to MSSQL in years! There's no reason for it to be "updated", this fallacy was just caused because of WizKid's overall lack-of knowledge pertaining to sanitizing data being entered into a MSSQL query.

I've made some posts detailing the proper method of sanitizing queries, even posting a working poc - use it.