DbSafe (PHP Class)

Released: November 15th, 2006
Updated: November 20th, 2006
Author: Michi Kono

DbSafe is a wrapper class for PHP that makes accessing the user-data globals ($_GET, $_POST, $_COOKIE) safer. It does so by being explicit about escaping data, rather than relying on magic quotes, and the class works whether or not magic quotes are on. Additionally, most novice PHP users don't realize that "addslashes" isn't sufficient to protect you from SQL injection attacks! Have no fear; this library with its escape method will protect you. And it works great even if magic quotes are turned on!

Download (version 1.1) - Right click and save the file as ".php"

See the entry about this class.

Try pasting in the sample code below to get a better idea of what this class does. Make sure to add to the URL a parameter called "name" whose value contains a single quote (ex. yourtestfile.php?name=O'Reilly).

<?php
require_once('DbSafe.php');

$safe = new DbSafe();

/*
 * It\'s a miracle is shown, and 100% protected against SQL injection attacks
 */
var_dump($safe->escape("It's a miracle"));

/*
 * O\'Reilly is shown, and 100% protected against SQL injection attacks
 */
var_dump($safe->request('name'));
//var_dump($safe->get('name')); // shows escaped $_GET['name']
//var_dump($safe->post('name')); // shows escaped $_POST['name']
//var_dump($safe->cookie('name')); // shows escaped $_COOKIE['name']

/*
 * O'Reilly is shown
 */
var_dump($safe->request('name', TRUE));
//var_dump($safe->get('name', TRUE)); // shows $_GET['name']
//var_dump($safe->post('name', TRUE)); // shows $_POST['name']
//var_dump($safe->cookie('name', TRUE)); // shows $_COOKIE['name']
?>
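As an added illustration, not the DbSafe source itself (that is in the download above), here is a minimal wrapper in the same spirit: it removes magic-quote slashes when they are on so that each value is escaped exactly once, and it delegates escaping to the connection's charset-aware real_escape_string() instead of addslashes(). The class name SafeInput, the credentials and the query are placeholders.

```php
<?php
// Added illustration in the spirit of DbSafe (not its source): escape explicitly,
// exactly once, with a charset-aware function instead of addslashes().
class SafeInput
{
    private $db;

    public function __construct(mysqli $db)
    {
        $this->db = $db;
    }

    // Return the value as the user typed it: if magic quotes added slashes
    // on the way in, remove them so we never escape twice.
    private function raw($value)
    {
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            return stripslashes($value);
        }
        return $value;
    }

    // Escape for use inside a quoted SQL literal. real_escape_string() knows
    // the connection charset, which is exactly what addslashes() lacks.
    public function escape($value)
    {
        return $this->db->real_escape_string($value);
    }

    private function fetch(array $source, $key, $rawOnly)
    {
        if (!isset($source[$key]) || is_array($source[$key])) {
            return null;
        }
        $value = $this->raw($source[$key]);
        return $rawOnly ? $value : $this->escape($value);
    }

    public function get($key, $rawOnly = false)     { return $this->fetch($_GET, $key, $rawOnly); }
    public function post($key, $rawOnly = false)    { return $this->fetch($_POST, $key, $rawOnly); }
    public function cookie($key, $rawOnly = false)  { return $this->fetch($_COOKIE, $key, $rawOnly); }
    public function request($key, $rawOnly = false) { return $this->fetch($_REQUEST, $key, $rawOnly); }
}

// Usage (placeholder credentials): set the connection charset before escaping,
// so the escaper and the server agree on where multi-byte characters end.
$db = new mysqli('localhost', 'dbuser', 'dbpass', 'app');
$db->set_charset('utf8');
$safe = new SafeInput($db);
$sql = "SELECT * FROM users WHERE name = '" . $safe->request('name') . "'";
```

Where the driver supports them, prepared statements with bound parameters remove the need to escape at all and are the preferred option.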