afrikdeveloper Posted July 9, 2015 Share Posted July 9, 2015 Hi everybody, i am a PHP newbie, i have a web development projet and i need to know and understand php properly for that projet. In php 5, magic_quotes_gpc() is deprecated and remove, what others function we can use to prevent sql injection. So this is a function that i want to use in my proccess of preventing sql injection, but get_magic_quotes_gpc() is deprecated. Is there another work around for this function. any tips and explaination will help. thanks /=======THIS IS THE FUNCTION FROM THE PHP MANUAL function quote_smart($value, $handle) { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote if not integer if (!is_numeric($value)) { $value = "'" . mysqli_real_escape_string($value, $handle) . "'"; } return $value; } //=======END OF FUNCTION FROM THE PHP MANUAL Quote Link to comment https://forums.phpfreaks.com/topic/297236-get_magic_quotes_gpc-function-is-deprecated-some-help-please/ Share on other sites More sharing options...
boompa Posted July 9, 2015 Share Posted July 9, 2015 Use PDO or mysqli and prepared statements. Read the manual entry. Quote Link to comment https://forums.phpfreaks.com/topic/297236-get_magic_quotes_gpc-function-is-deprecated-some-help-please/#findComment-1515954 Share on other sites More sharing options...
scootstah Posted July 9, 2015 Share Posted July 9, 2015 I'm not sure what you're looking for. The code you posted has what you need. $value = "'" . mysqli_real_escape_string($value, $handle) . "'";This is how you prevent SQL injection. Quote Link to comment https://forums.phpfreaks.com/topic/297236-get_magic_quotes_gpc-function-is-deprecated-some-help-please/#findComment-1515965 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.