robert_gsfame Posted January 25, 2010 Share Posted January 25, 2010 I just wonder what is the use of get_magic_quotes_gpc() function compared to mysql_real_escape_string() As far as i know, get_magic_quotes_gpc() will add slash to all special characters like '', " ", \ so does the mysql_real_escape_string() What makes this 2 functions different?? and if it has the same function, then is it safe enough to use get_magic_quotes() Thx for any helps Quote Link to comment Share on other sites More sharing options...
MadTechie Posted January 25, 2010 Share Posted January 25, 2010 magic quotes are EVIL and have been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged. so for using STRING's in SQL use mysql_real_escape_string Quote Link to comment Share on other sites More sharing options...
robert_gsfame Posted January 25, 2010 Author Share Posted January 25, 2010 Okay, so what i have to do is to use mysql_real_escape_string() and use htmlspecialchars(stripslashes($value)) or htmlentities(stripslashes($value)) to retrieve the records.. is this correct?? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.