behemothgroup.com

A very handed PHP function that is easily portable and applicable, authored by Neil Masters @ codedb.co.uk.

Pass in any value, i.e

$bob = checkSQL($_POST['email']);

And simply include the following:

function checkSQL($value)
{ $banned = "(!|\"|#|'|<|>|=|insert|update|select|
alter|drop|input|select|from|INSERT|UPDATE|
SELECT|ALTER|DROP|INPUT|SELECT|FROM)";

if(preg_match($banned, $string)) { return false; }
else { return true; }
}