A few question, (Filtering Variables, Checking if sessions exists or not, ...)

[FrOzeN]

Just a few quick questions, so I contained them to one topic.

 

---

1.

 

I'm reading variables from $_COOKIE, $_GET, $_POST, and $_SESSION, and I need to filter them before inserting the information into a MySQL table. I came across these two functions: mysql_real_escape_string() and addslashes(). But I'm not to sure of the difference, so I don't know which one should be used where.

 

Say $_POST['username'] contains Fr'Oz'e'N, and I then wanted to insert it into a MySQL table. What function do I run it through first?

 

Also, I came across get_magic_quotes_gpc(). If I were to turn it on (not sure if it's on or off at the moment, never used it before). Would it automatically filter the variables?

 

---

2.

 

I've seen numerous methods of doing this, but what's (well, generally) the best way to check if $_POST/$_GET contains any data, and if a $_SESSION exists or not?

 

I'm asking this as from what I've seen, it involves checking all the parts of the array. Like if (!empty($_POST['username']) && !empty($_POST['password'])) {, etc. I'm curious to know if something like if (isset($_POST)) { can be done, or an efficient shortcut?

 

And with sessions, I figured it would be a different method to the $_POST/$_GET as it registers an id. Would if (!empty(session_id())) { be suitable?, or is there a better way? (Note: not sure if this works, just an assumption).

 

---

 

Thanks.