Mysql_Real_Escape_String Magic Quotes

[vinpkl]

hi all

 

We use mysql_real_escape_string

 

when magic_quotes_gpc is On

 

or

 

when magic_quotes_gpc is off

 

vineet

[kicken]

You use it regardless of the magic quotes setting.  However if magic quotes=on then you need to run your request data through stripslashes before hand.

[vinpkl]

hi

 

So I will have to convert all my present code

 

<?
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$detail = mysql_real_escape_string($_POST['detail']);
?>

 

to like the below code on every page

 

<?
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
   $name = stripslashes($_POST['name']);
   $email = stripslashes($_POST['email']);
   $detail = stripslashes($_POST['detail']);
}
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$detail = mysql_real_escape_string($_POST['detail']);
?>

 

vineet

[vinpkl]

hi

 

how can i disable magic quotes.

 

i m on shared hosting

 

vineet

[Christian F.]

Best way, if you don't know whether or not you've got access to php.ini is to ask the host. If that doesn't help, then might be able to set the INI variables with .htaccess.

[MMDE]

You can also check the php.ini settings by using this function:

http://php.net/manual/en/function.ini-get.php