PHP function to check for SQL injection

A very handed PHP function that is easily portable and applicable, authored by Neil Masters @ codedb.co.uk.

Pass in any value, i.e

$bob = checkSQL($_POST['email']);

And simply include the following:

function checkSQL($value)
{
$banned = "(!|\"|#|'|<|>|=|insert|update|select|
alter|drop|input|select|from|INSERT|UPDATE|
SELECT|ALTER|DROP|INPUT|SELECT|FROM)";


if(preg_match($banned, $string)) { return false; }
else { return true; }
}