Assume that I do not have a database running. so I do not have a connection. I would still like to sanitize web user input that will be written as sql statement into a file, and perhaps later sent onto some sql server. is there a connection-free method to do this?
Asked
Active
Viewed 35 times
1
-
Find your answer [here](http://stackoverflow.com/questions/3437464/sanitize-contact-form-without-mysql-real-escape-string). In short, filter_var() – mseifert Nov 08 '15 at 19:52
-
You could just do the insert later using parameterized queries.. – chris85 Nov 08 '15 at 19:52
-
1Reasoning why this is not available: http://stackoverflow.com/questions/13435232/using-mysqlis-real-escape-string-as-a-static-function – wogsland Nov 08 '15 at 19:53
-
What is the purpose to sanitise data that is written to a **file**? A file can store anything without any sanitising. – zerkms Nov 08 '15 at 20:56
-
@mseifert that answer is useless. – Jon Nov 08 '15 at 21:17