Jump to content


This topic is now archived and is closed to further replies.


Do I need to use mysql_real_escape_string if magic quote is on?

Recommended Posts

Since get_magic_quotes_gpc is enabled, all incoming client-side data will have slashes. So, do I eve need to use mysql_real_escape_string on my incoming form data?

Share this post

Link to post
Share on other sites
mysql_real_escape_string has a better effect than magic_quotes. I suggest you to use the function I added below to remove the effect of the magic_quotes and escape the string using mysql_real_escape_string.


function sql_quote($value)
{$value = stripslashes($value);}

{$value = mysql_real_escape_string($value);}
{$value = addslashes($value);}

return $value;



Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.