HDFilmMaker2112 Posted November 16, 2011

For some reason I commented out mysql_real_escape_string on my sanitize function, and I don't remember why I did it. Is it something that is vital and I should un-comment it out?

    function sanitize($formValue){
        // If magic_quotes_gpc is on, PHP has already added slashes to the input; strip them first
        if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $formValue = stripslashes($formValue);
        }
        // Escaping step, currently disabled (the subject of this post)
        //$formValue = mysql_real_escape_string($formValue);
        return $formValue;
    }

https://forums.phpfreaks.com/topic/251233-form-sanitize/
phporcaffeine Posted November 16, 2011

> For some reason I commented out mysql_real_escape_string on my sanitize function, and I don't remember why I did it. Is it something that is vital and I should un-comment it out?
>
>     function sanitize($formValue){
>         if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
>             $formValue = stripslashes($formValue);
>         }
>         //$formValue = mysql_real_escape_string($formValue);
>         return $formValue;
>     }

Right, so what mysql_real_escape_string() does is escape any special entities that MySQL, specifically, would require, that have not previously been escaped in the string. If you're inserting binary data, you must use it. It really is a good idea to use it before sending untrusted data into a query. http://php.net/manual/en/function.mysql-real-escape-string.php
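The following is an added example, not code from either poster. It is a Python model of the two steps in the sanitize() function above (stripslashes, then the MySQL escaping rule) so the effect can be run without a database; the real mysql_real_escape_string() needs an open connection because it also accounts for the connection's character set, which this model ignores. The table of escaped characters follows the MySQL client library's documented behaviour (NUL, newline, carriage return, backslash, both quote characters and Ctrl-Z); the function names, the users table and the sample values are constructed for the demonstration.

```python
# Python model of PHP's stripslashes() followed by mysql_real_escape_string().
# Added example, not the thread's own code. Assumes a single-byte character
# set; the real function is charset-aware, which is why it needs a connection.

from typing import Dict

# Characters MySQL's escaping routine rewrites, and the sequence each becomes.
_MYSQL_ESCAPES: Dict[str, str] = {
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}


def escape_for_mysql(value: str) -> str:
    """Model of mysql_real_escape_string(): prefix each special char with a backslash."""
    return "".join(_MYSQL_ESCAPES.get(ch, ch) for ch in value)


def stripslashes(value: str) -> str:
    """Simplified model of PHP stripslashes(): drop each backslash and keep the
    character that follows it (the real function also turns \\0 into NUL)."""
    out = []
    i = 0
    while i < len(value):
        if value[i] == "\\":
            if i + 1 < len(value):
                out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def sanitize(form_value: str, magic_quotes_on: bool = False, escape: bool = True) -> str:
    """Mirror of the forum's sanitize(): undo magic quotes, then (optionally) escape.
    escape=False reproduces the posted version with the escaping line commented out."""
    if magic_quotes_on:
        form_value = stripslashes(form_value)
    if escape:
        form_value = escape_for_mysql(form_value)
    return form_value


def build_query(name: str) -> str:
    """Constructed query that interpolates a user-supplied value into a string literal."""
    return f"SELECT id FROM users WHERE name = '{name}'"


def count_unescaped_quotes(sql: str) -> int:
    """Count single quotes that are not preceded by a backslash. An odd count means
    the string literal was terminated early by the input itself."""
    count = 0
    i = 0
    while i < len(sql):
        if sql[i] == "\\":
            i += 2
            continue
        if sql[i] == "'":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    raw = "O'Reilly"                      # constructed form input containing a quote
    print(build_query(sanitize(raw, escape=False)))   # 3 quotes: literal breaks
    print(build_query(sanitize(raw)))                 # 2 quotes: value stays inside
    # With magic_quotes_gpc on, PHP hands the script "O\'Reilly" already; escaping
    # that without stripslashes() first stores a stray backslash in the database.
    already_slashed = "O\\'Reilly"
    print(sanitize(already_slashed, magic_quotes_on=False))   # O\\\'Reilly (double-escaped)
    print(sanitize(already_slashed, magic_quotes_on=True))    # O\'Reilly  (correct)
```

The double-escaping case is the reason the posted function strips slashes before escaping: with magic_quotes_gpc on, skipping either step gives wrong results. Note that the mysql_* extension this thread discusses was removed in PHP 7; current PHP code sends untrusted values as bound parameters of a mysqli or PDO prepared statement rather than escaping them into the query text.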
This topic is now archived and is closed to further replies.