
Classes to Protect from SQL/XSS attacks? [duplicate]

This question already has answers here: How can I prevent SQL injection in PHP? (27 answers) Closed 6 years ago.

I'm building an MVC application for managing a creative portfolio (going to put it on GitHub). I need something to secure the DB connections; basically I have one class to manage ALL DB transactions.

I need to either create a class or find a class that can protect all SQL queries from XSS or SQL attacks. What suggestions do you have for securing PHP database connections?


Using PDO's prepared statements to access databases makes queries immune to injection. http://us2.php.net/manual/en/pdo.prepare.php

Using htmlspecialchars() makes output immune to XSS. http://us2.php.net/manual/en/function.htmlspecialchars.php
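As an added illustration of the PDO-plus-htmlspecialchars approach described above (example code, not part of the original answer), here is a minimal repository class in the spirit of the asker's single DB class: every value reaches the database as a bound parameter, and escaping happens once, at output time. The ProjectRepository class, the projects table and the sample rows are constructed for this example; it runs against an in-memory SQLite database and needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// One class owns every database round trip; callers never build SQL strings.
final class ProjectRepository
{
    public function __construct(private PDO $pdo)
    {
        // Fail loudly instead of silently returning false on a bad query.
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // On MySQL also pass PDO::ATTR_EMULATE_PREPARES => false so the server,
        // not client-side string interpolation, separates SQL text from values.
    }

    public function add(string $title, string $tag): void
    {
        $stmt = $this->pdo->prepare(
            'INSERT INTO projects (title, tag) VALUES (:title, :tag)'
        );
        $stmt->execute([':title' => $title, ':tag' => $tag]);
    }

    /** @return string[] titles; $tag travels as a bound parameter, never as SQL. */
    public function findByTag(string $tag): array
    {
        $stmt = $this->pdo->prepare('SELECT title FROM projects WHERE tag = :tag');
        $stmt->execute([':tag' => $tag]);
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    }
}

// Escape when rendering HTML, not when storing: <, >, &, " and ' become entities.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, title TEXT, tag TEXT)');
$repo = new ProjectRepository($pdo);

// Quotes and angle brackets are stored verbatim: binding keeps them as data.
$repo->add("O'Brien's <em>Brand</em> & Identity", 'branding');
$repo->add('Poster series "Noise"', 'print');

foreach ($repo->findByTag('branding') as $title) {
    echo '<li>', h($title), "</li>\n";
}
```

The stored title keeps its apostrophes and tags unchanged; only the rendered HTML is escaped, so the same row can later be emitted safely into a different context (JSON, a URL) with that context's own encoder.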


Just try to filter your POST and GET requests with this function:

function protect($string)
{
    // Add slashes only if magic_quotes_gpc is not on; FILTER_VALIDATE_BOOLEAN
    // handles "1"/"On" as well as ""/"0"/"Off" and false (setting removed)
    if (!filter_var(ini_get('magic_quotes_gpc'), FILTER_VALIDATE_BOOLEAN)) {
        $string = addslashes($string);
    }
    // Convert HTML tags in the input to entities
    $string = htmlentities($string, ENT_QUOTES);
    // Remove the most commonly abused words and characters
    $codes = array("script", "java", "applet", "iframe", "meta", "object", "html", "<", ">", ";", "'", "%");
    $string = str_replace($codes, "", $string);
    // Return the cleaned string
    return $string;
}

You can easily apply it to the whole input using the array_map function (the superglobals are passed as arrays, not as quoted strings):

$input = array_map('protect', $_POST);
$input = array_map('protect', $_GET);
