bobicles2 Posted April 25, 2010

```php
function clean($input)
{
    $input = @trim($input);
    // Undo the slashes magic quotes added, so the value is not escaped twice
    if (get_magic_quotes_gpc()) {
        $input = stripslashes($input);
    }
    // Escape for use inside a quoted SQL string (needs an open mysql connection)
    return mysql_real_escape_string($input);
}
```

I originally had this function, shown above, to clean up my inputs and prevent SQL injection. However, magic_quotes_gpc is no longer supported, and this method, although clear to me, seems a little long-winded! Is there an easier way for me to clean up my inputs thoroughly and to avoid SQL injection?

Thanks,
Rob

mikesta707 Posted April 25, 2010

Since magic quotes is no longer supported, I suppose you could just get rid of the if statement. Something like

```php
function clean($var)
{
    return mysql_real_escape_string(trim($var));
}
```

should suffice. However, it may be a good idea to keep the if statement so your code is more portable. If you use that code on a server with PHP 4 or 5 (and magic quotes gpc is enabled) then it may not work as suspected.

salathe Posted April 26, 2010

Just because magic quotes is deprecated does not mean a server running this script will always have magic quotes turned off (unless the script will only ever run on your boxes, and you can guarantee it will never be enabled).
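
Added example, not code from any poster in this thread: on current PHP, where `mysql_real_escape_string()` no longer exists (it was removed in PHP 7.0), the same goal is met by binding the input as a prepared-statement parameter, with the magic-quotes check kept portable as the replies above suggest. It assumes PDO with the SQLite driver and a constructed `users` table; `undo_magic_quotes()` and `find_user()` are hypothetical helper names.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension so it
// runs offline; with MySQL only the DSN passed to PDO changes.

// Undo magic quotes only where the runtime still has them. The function was
// removed in PHP 8.0, so check that it exists before calling it.
function undo_magic_quotes(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Normalise the raw request value; no SQL escaping happens here.
function clean(string $input): string
{
    return trim(undo_magic_quotes($input));
}

// Bind the value as a parameter so it is never parsed as SQL.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => clean($name)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('rob'), ('O''Brien')");

// Constructed inputs: padded, containing a quote, and an injection attempt.
$samples = ['  rob ', "O'Brien", "x' OR '1'='1"];
foreach ($samples as $raw) {
    printf("%-16s => %d row(s)\n", var_export($raw, true), count(find_user($db, $raw)));
}
```

The quoted name matches its row without any escaping call, and the injection string matches nothing because it is compared as a literal value.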