
Small problem with magic quotes and sql


Demonic


Alright, I've written this function, which should remove slashes if magic quotes is set to 1 or true, which it is. Then it removes my newlines' backslashes from the SQL. What's wrong with this? Help.

 

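function clean($text, $type=0) {
	// Undo the slashes that magic_quotes_gpc added to request data
	if (get_magic_quotes_gpc()) {
		$text = stripslashes($text);
	}
	if ($type == 1) {
		// Type 1: encode for HTML output
		$text = htmlentities($text, ENT_QUOTES, 'UTF-8');
	} else {
		// Default: escape for use inside a MySQL string literal
		$text = mysql_real_escape_string($text);
	}
	return $text;
}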

 

SQL Query looks like this when exported:

I have put word across to xxxxx for the psd''s, so we can find out the actual sizes of the fonts and font types used.rnrnWould you be able to let him know this, or could you forward them onto me yourself?rnrnThanks.


I believe you are confusing the purpose of magic_quotes_gpc and magic_quotes_runtime. magic_quotes_runtime will add quotes to information obtained from any external source, such as a database or text file. magic_quotes_gpc simply adds quotes to data variables such as $_GET, $_POST, and $_COOKIE.

 

More appropriately, you should simply use the set_magic_quotes_runtime() function at the beginning of your code to disable this feature so that information obtained from your database does not contain quotes.

 

However, since you are experiencing issues with this function, it seems clear that the magic_quotes_runtime is already disabled and that you need not worry about removing slashes from information obtained from a MySQL database :P but as I already mentioned, if you feel the need to check that this function is enabled, use get_magic_quotes_runtime() rather than get_magic_quotes_gpc() :)

 

For more information about magic quotes, visit this link: http://us3.php.net/manual/en/security.magicquotes.php

> I believe you are confusing the purpose of magic_quotes_gpc and magic_quotes_runtime. magic_quotes_runtime will add quotes to information obtained from any external source, such as a database or text file. magic_quotes_gpc simply adds quotes to data variables such as $_GET, $_POST, and $_COOKIE.
>
> More appropriately, you should simply use the set_magic_quotes_runtime() function at the beginning of your code to disable this feature so that information obtained from your database does not contain quotes.
>
> However, since you are experiencing issues with this function, it seems clear that the magic_quotes_runtime is already disabled and that you need not worry about removing slashes from information obtained from a MySQL database :P but as I already mentioned, if you feel the need to check that this function is enabled, use get_magic_quotes_runtime() rather than get_magic_quotes_gpc() :)
>
> For more information about magic quotes, visit this link: http://us3.php.net/manual/en/security.magicquotes.php

 

Apparently his server is saying magic quotes gpc is true, which adds slashes; then I should strip them, because mysql_real_escape_string will escape slashes, which would possibly enable SQL injection if tampered with correctly.

 

I've rewritten my function:

 

function clean($text, $type = 0) {
	// 1 when magic_quotes_gpc has added slashes to request data
	$magic_quotes = get_magic_quotes_gpc();
	switch ($type) {
		case 1:
			// HTML output: strip the magic-quote slashes first, then encode
			return ($magic_quotes == 1 ? htmlentities(stripslashes($text), ENT_QUOTES, 'UTF-8') : htmlentities($text, ENT_QUOTES, 'UTF-8'));
		break;
		case 0:
			// SQL: strip the magic-quote slashes first, then escape for MySQL
			return ($magic_quotes == 1 ? mysql_real_escape_string(stripslashes($text)) : mysql_real_escape_string($text));
		break;
	}
}

 

Hopefully this will work out. (Also this is form data)
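
An added example (not code from the thread) showing one way the `rnrn` in the exported text can arise, on the assumption that slashes get stripped from a value that is already SQL-escaped, next to a parameterised insert that needs no manual escaping. `mysql_escape_standin()` is a hypothetical stand-in for `mysql_real_escape_string()`, the sample text is constructed, and an in-memory SQLite database (needs `pdo_sqlite`) stands in for MySQL so the block runs offline.

```php
<?php
// Stand-in for mysql_real_escape_string() (removed in PHP 7.0): escapes the
// same characters, so the effect can be shown without a MySQL connection.
function mysql_escape_standin(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Constructed sample: form text with an apostrophe and real CR LF line breaks.
$raw = "the psd's font sizes.\r\n\r\nThanks.";

// What the script would have received with magic_quotes_gpc = On
// (the setting applied addslashes() to GET/POST/COOKIE data).
$fromRequest = addslashes($raw);

// Intended order: undo magic quotes once, then escape once.
$once = mysql_escape_standin(stripslashes($fromRequest));

// Failure mode (assumed): the already-escaped value goes through the
// cleaning step again. stripslashes() treats the escaper's backslashes as
// magic-quote slashes, so the two-character \r and \n lose their backslash.
$twice = mysql_escape_standin(stripslashes($once));

echo "escaped once:  ", $once, "\n";
echo "cleaned twice: ", $twice, "\n";

// Hardened form: undo magic quotes at the input boundary only, bind the raw
// value as a parameter, and encode for HTML only when writing output.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');

$insert = $db->prepare('INSERT INTO notes (body) VALUES (?)');
$insert->execute([$raw]);

$stored = $db->query('SELECT body FROM notes')->fetchColumn();

// The stored value is byte-for-byte the submitted text, line breaks included.
var_dump($stored === $raw);

// HTML context: encode on the way out, then turn line breaks into <br>.
echo nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')), "\n";
```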
