Oxidiser - 7:35 am on Sep 22, 2011 (gmt 0)

How about something like this? This recursively sanitizes variables. Useful for multi dimensional arrays like for example $_REQUEST, $_POST and $_GET.


// Note:
// A MySQL connection is required before using // mysql_real_escape_string() otherwise an error of level E_WARNING is // generated, and FALSE is returned. If link_identifier isn't defined, // the last MySQL connection is used.
/**
*
* Filters variable to make it safe for insertion into a query.
* Will filter strings and arrays (recursivly).
*
* @param mixed $input
* @param boolean $filterHtml = true Should html and php tags be stripped from the input?
* @return mixed
*/
function sqlescape($input, $filterHtml = true) {
if(!is_array($input)) {
if($filterHtml) {
return mysql_real_escape_string(strip_tags($input));
} else {
return mysql_real_escape_string($input);
}
} else {
foreach($input as $key => $value) {
$input[$key] = sqlescape($value, $filterHtml);
}
return $input;
}
}