Jump to content

Archived

This topic is now archived and is closed to further replies.

extrovertive

Do I need to use mysql_real_escape_string if magic quote is on?

Recommended Posts

Since get_magic_quotes_gpc is enabled, all incoming client-side data will have slashes. So, do I eve need to use mysql_real_escape_string on my incoming form data?

Share this post


Link to post
Share on other sites
mysql_real_escape_string has a better effect than magic_quotes. I suggest you to use the function I added below to remove the effect of the magic_quotes and escape the string using mysql_real_escape_string.

[code]<?php

function sql_quote($value)
{
if(get_magic_quotes_gpc())
{$value = stripslashes($value);}

if(function_exists("mysql_real_escape_string"))
{$value = mysql_real_escape_string($value);}
else
{$value = addslashes($value);}

return $value;
}

?>[/code]

Orio.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.