Mysql_Real_Escape_String Magic Quotes

vinpkl · November 4, 2012

hi all

We use mysql_real_escape_string

when magic_quotes_gpc is On

or

when magic_quotes_gpc is off

vineet

kicken · November 4, 2012

You use it regardless of the magic quotes setting. However if magic quotes=on then you need to run your request data through stripslashes before hand.

vinpkl · November 4, 2012

hi

So I will have to convert all my present code

<?
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$detail = mysql_real_escape_string($_POST['detail']);
?>

to like the below code on every page

<?
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
   $name = stripslashes($_POST['name']);
   $email = stripslashes($_POST['email']);
   $detail = stripslashes($_POST['detail']);
}
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$detail = mysql_real_escape_string($_POST['detail']);
?>

vineet

vinpkl · November 4, 2012

hi

how can i disable magic quotes.

i m on shared hosting

vineet

Christian F. · November 4, 2012

Best way, if you don't know whether or not you've got access to php.ini is to ask the host. If that doesn't help, then might be able to set the INI variables with .htaccess.

MMDE · November 4, 2012

You can also check the php.ini settings by using this function:

http://php.net/manual/en/function.ini-get.php

Sign In

Mysql_Real_Escape_String Magic Quotes

Recommended Posts

vinpkl

Link to comment

Share on other sites

kicken

Link to comment

Share on other sites

vinpkl

Link to comment

Share on other sites

vinpkl

Link to comment

Share on other sites

Christian F.

Link to comment

Share on other sites

MMDE

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information