I know this isn’t original, but I’ve been using it for years and it saves me constant frustration trying to make sure I have protected all my inbound variables. To use this, you will need the Sanitize PHP file which is part of the PHP Filters package that can be found at: http://www.owasp.org/index.php/OWASP_PHP_Filters

Here you go:

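<?php
	// sanitize.php comes from the OWASP PHP Filters package linked above.
	require_once 'sanitize.php';

	// Replace each top-level value in $_REQUEST with its filtered form.
	// $_GET, $_POST and $_COOKIE are separate arrays and keep their raw values.
	$_REQUEST = array_map( 'sanitize_sql_string' , $_REQUEST );
?>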

This passes every top-level value in the $_REQUEST array through the function sanitize_sql_string and stores the results back in $_REQUEST.
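
array_map only visits the top level of $_REQUEST, so an array-valued parameter such as ids[]=1 reaches the callback as an array rather than a string. The following is an added example, not code from the original post or the OWASP package, that walks nested arrays instead; sanitize_recursive is a hypothetical helper, and addslashes stands in for sanitize_sql_string so the sample runs without sanitize.php.

```php
<?php
// Added example: not part of the original post or the OWASP PHP Filters package.

/**
 * Apply $filter to every scalar value in $input, descending into nested
 * arrays such as those PHP builds from parameters like ids[]=1&ids[]=2.
 * Keys are left untouched; only values are filtered.
 */
function sanitize_recursive(array $input, callable $filter): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        $clean[$key] = is_array($value)
            ? sanitize_recursive($value, $filter)   // nested parameter: recurse
            : $filter((string) $value);             // leaf value: filter it
    }
    return $clean;
}

// Stand-in filter (assumption) so the example runs on its own.
// With sanitize.php loaded, pass 'sanitize_sql_string' instead.
$filter = 'addslashes';

// Constructed sample input shaped like a request with array-valued parameters.
$sample = [
    'name' => "O'Brien",
    'ids'  => ['1', "2' OR '1'='1"],
    'opts' => ['sort' => ['by' => "date'"]],
];

$clean = sanitize_recursive($sample, $filter);
var_export($clean);
echo PHP_EOL;

// In a script that uses the post's setup, filter each superglobal the code
// actually reads, since changing $_REQUEST does not change the others:
//   require_once 'sanitize.php';
//   $_REQUEST = sanitize_recursive($_REQUEST, 'sanitize_sql_string');
//   $_GET     = sanitize_recursive($_GET,     'sanitize_sql_string');
//   $_POST    = sanitize_recursive($_POST,    'sanitize_sql_string');
```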