HDFilmMaker2112 Posted November 16, 2011 Share Posted November 16, 2011 For some reason I commented out mysql_real_escape_string on my sanitize function, and I don't remember why I did it. Is it something that is vital and I should un-comment it out? function sanitize($formValue){ if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $formValue = stripslashes($formValue); } //$formValue = mysql_real_escape_string($formValue); return $formValue; } Quote Link to comment Share on other sites More sharing options...
phporcaffeine Posted November 16, 2011 Share Posted November 16, 2011 For some reason I commented out mysql_real_escape_string on my sanitize function, and I don't remember why I did it. Is it something that is vital and I should un-comment it out? function sanitize($formValue){ if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $formValue = stripslashes($formValue); } //$formValue = mysql_real_escape_string($formValue); return $formValue; } Right, so what mysql_real_escape_string() does is escape any special entities that MySQL, specifically, would require, that have not previously been escaped in the string. If you're inserting binary data, you must use it. It really is a good idea to use before sending untrusted data into a query. http://php.net/manual/en/function.mysql-real-escape-string.php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.