extrovertive Posted August 30, 2006 Share Posted August 30, 2006 Since get_magic_quotes_gpc is enabled, all incoming client-side data will have slashes. So, do I eve need to use mysql_real_escape_string on my incoming form data? Quote Link to comment Share on other sites More sharing options...
Orio Posted August 30, 2006 Share Posted August 30, 2006 mysql_real_escape_string has a better effect than magic_quotes. I suggest you to use the function I added below to remove the effect of the magic_quotes and escape the string using mysql_real_escape_string.[code]<?phpfunction sql_quote($value) { if(get_magic_quotes_gpc()) {$value = stripslashes($value);} if(function_exists("mysql_real_escape_string")) {$value = mysql_real_escape_string($value);} else {$value = addslashes($value);} return $value;}?>[/code]Orio. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.