extrovertive Posted August 30, 2006 Share Posted August 30, 2006 Since get_magic_quotes_gpc is enabled, all incoming client-side data will have slashes. So, do I eve need to use mysql_real_escape_string on my incoming form data? Link to comment https://forums.phpfreaks.com/topic/19110-do-i-need-to-use-mysql_real_escape_string-if-magic-quote-is-on/ Share on other sites More sharing options...
Orio Posted August 30, 2006 Share Posted August 30, 2006 mysql_real_escape_string has a better effect than magic_quotes. I suggest you to use the function I added below to remove the effect of the magic_quotes and escape the string using mysql_real_escape_string.[code]<?phpfunction sql_quote($value) { if(get_magic_quotes_gpc()) {$value = stripslashes($value);} if(function_exists("mysql_real_escape_string")) {$value = mysql_real_escape_string($value);} else {$value = addslashes($value);} return $value;}?>[/code]Orio. Link to comment https://forums.phpfreaks.com/topic/19110-do-i-need-to-use-mysql_real_escape_string-if-magic-quote-is-on/#findComment-82659 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.