PHP / SQL data protection – anti SQL-Injection function

SQL Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.
Injected SQL commands can alter SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True
Look at the example above, one more time.
Let’s say that the original purpose of the code was to create an SQL statement to select a user with a given user id.
If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:


How to protect

PHP functions

The function

//Blind SQL-INJECTION Escape sequence. Line codes anti SQL-Injection
function anti_injection($input){
return $clean;

How to use