cbaker007

  1. My confusion was compounded when I had read that the "get_magic_quotes_gpc" and "put_magic..." had been deprecated and I had run across the commands someone was suggesting called "mysql_real_escape_string". But as I dug into those online, I found them in the PHP online manual and they are referenced as being deprecated and referenced back to the "get_magic_quotes_gpc"... I was lost. Okay, so it sounds like "mysqli_" is the latest way to go. Okay, so I can take user input and before saving it via a MySQL "insert query" do something like: $ptitle = mysqli_real_escape_string($con, $ptitle); where $con is my connection to my database. But how do I use that data when I read it? In other words, how do I strip the extra characters and use it as originally entered in an email or an Excel export?
  2. I am really confused... My site is hosted by a large ISP who controls the version of MySQL and PHP. I am a novice PHP / MySQL programmer. I have a much deeper knowledge of HTML but am doing more and more with PHP and MySQL. I have been using a book called "PHP and MySQL Web Development" from 2009. That book tells me that I should "escape" all text user input fields using a set of "magic_quotes_gpc" commands. But after having problems implementing these "magic_quotes" in my code, after looking at the official PHP manual online, it says that these "magic_quotes" commands are not only deprecated, but are actually removed from the most recent versions. It is my understanding that I needed to run these commands to "escape" any characters (like quote, single quote, comma, &, etc.) that might cause a security issue (someone compromises SQL commands by encapsulating these characters in user input). So I don't know what to do now if these are no longer used. What is the correct way to "escape" user input? I have input that will have these types of characters in it so I want to preserve it ... (database of Presentations and users will have these characters in their Presentation Title, Presentation Description, etc.) What is the appropriate way to handle this type of input if my book is wrong and "magic_quotes" are no longer used?
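
The save-and-read-back round trip both posts ask about, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database standing in for the poster's MySQL connection so it runs without a server. The `presentations` table and the sample title and description are constructed for illustration.

```php
<?php
// Added example: shows that escaping only protects the SQL text on the way in.
// The database stores the original characters, so nothing is stripped on read.
// Assumption: in-memory SQLite via PDO stands in for the MySQL connection ($con).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE presentations (
    id INTEGER PRIMARY KEY, title TEXT, description TEXT)'); // hypothetical table

// Constructed sample input containing the characters the posts worry about.
$title       = 'Baker\'s "Intro" to PHP & MySQL, part 1';
$description = "It's a talk on quotes ('), double quotes (\") & commas, etc.";

// Approach 1: escape the value, then build the query text.
// PDO::quote() plays the role mysqli_real_escape_string() plays in the post
// (and also adds the surrounding quotes).
$sql = 'INSERT INTO presentations (title, description) VALUES ('
     . $pdo->quote($title) . ', ' . $pdo->quote($description) . ')';
$pdo->exec($sql);

// Approach 2: prepared statement. The values travel separately from the
// SQL text, so no escaping call is needed at all.
$stmt = $pdo->prepare(
    'INSERT INTO presentations (title, description) VALUES (:title, :description)');
$stmt->execute([':title' => $title, ':description' => $description]);

// Read both rows back: each comes out byte-for-byte as entered.
$rows = $pdo->query('SELECT id, title, description FROM presentations ORDER BY id');
foreach ($rows as $row) {
    $same = ($row['title'] === $title && $row['description'] === $description);
    printf("row %d round-trips unchanged: %s\n", $row['id'], $same ? 'yes' : 'no');
}

// Encoding is chosen per destination at output time, not at storage time.
// For an HTML page, for example:
echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), "\n";
```

With mysqli the second approach uses the same idea through `mysqli_prepare()`, `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()`.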