robert_gsfame Posted January 26, 2010 Share Posted January 26, 2010 I have retrieved some data from one table to be inserted into another table using this query $sql=mysql_query("SELECT * FROM table WHERE id='1'"); $array=mysql_fetch_array($sql); $name=$array['name']; * Let say i have $name= james"king" function clean($string) { if(get_magic_quotes_gpc()) { return stripslashes($string); }else{ return $string; } } mysql_query(sprintf("INSERT INTO table2(name, age)VALUES('%s','%s')", mysql_real_escape_string($name), mysql_real_escape_string($_POST['age'])); Let say if $_POST['age']= "25" * double quotes also included then i will have result like this in table2: name= NULL age= "25" Link to comment https://forums.phpfreaks.com/topic/189798-get_magic_quotes_gpc-drives-me-crazy/ Share on other sites More sharing options...
robert_gsfame Posted January 26, 2010 Author Share Posted January 26, 2010 got it! it should be mysql_real_escape_string(htmlspecialchars($name)) Link to comment https://forums.phpfreaks.com/topic/189798-get_magic_quotes_gpc-drives-me-crazy/#findComment-1001600 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.