Secure site ?

[Guy]

Take a look to this

http://www.psoug.org/snippet/AntiSQL...unction_18.htm

The $banlist is very restricting, linking to a problem I referenced earlier in this thread, and the other portion is already used in this thread.

"a look"?

[Solaire]

Take a look to this

http://www.psoug.org/snippet/AntiSQL...unction_18.htm

That's almost the same as gWX0 posted.

[iceman4154]

I use this one.

PHP Code:

function antisql($sql)
{
  $sql = htmlspecialchars($sql);
  $sql = str_replace("'", '& #039;', $sql);
  $sql = str_replace('"', '&quote;', $sql);

  return $sql;
} 


~Iceman

[Alkyron]

I use this one.

PHP Code:

function antisql($sql)
{
  $sql = htmlspecialchars($sql);
  $sql = str_replace("'", '& #039;', $sql);
  $sql = str_replace('"', '&quote;', $sql);

  return $sql;
} 


~Iceman

Its works ?

[Jackbush]

Don't forget to include the sanitize_data function in whatever script is calling it!

[Zephyr]

That one clearly sucks. It blocks any slash, dot, comma, and so forth. Just clean ', " and \.

i don't know why the user even should be allowed slash, dot or comma...
a-z A-Z 0-9 - and _ should be enough for most of us...

also if you do it on "exclude" list then be sure to get rid of lineswitches also :p although i'm pretty sure that's not something that you usually get from inputfield lol...