
Is there a need for mysql_real_escape_string when magic quotes are switched on


Zaid


With magic quotes off, you will have to manually handle escaping special characters with mysql_real_escape_string() or addslashes().

 

Wicked, so there is no need for complex coding, especially considering the fact that mysql_real_escape_string can only be called when there is an active MySQL db connection.

 

thanks  ;D

I found this a while back, don't remember where from, but even if magic quotes is enabled you still need to check everything a user inputs. This will filter out everything:

function cleanstring($string)
{
    $search = array('@<script[^>]*?>.*?</script>@si', // Strip out javascript
                    '@<[\/\!]*?[^<>]*?>@si',          // Strip out HTML tags
                    '@([\r\n])[\s]+@',                // Strip out white space
                    '@&(quot|#34);@i',                // Replace HTML entities
                    '@&(amp|#38);@i',
                    '@&(lt|#60);@i',
                    '@&(gt|#62);@i',
                    '@&(nbsp|#160);@i',
                    '@&(iexcl|#161);@i',
                    '@&(cent|#162);@i',
                    '@&(pound|#163);@i',
                    '@&(copy|#169);@i');

    $replace = array('',
                     '',
                     '\1',
                     '"',
                     '&',
                     '<',
                     '>',
                     ' ',
                     chr(161),
                     chr(162),
                     chr(163),
                     chr(169));

    $string = preg_replace($search, $replace, $string);

    // Decode remaining numeric entities (&#NNN;). The /e "evaluate as php"
    // modifier was removed in PHP 7, so a callback does the chr() conversion.
    return preg_replace_callback('@&#(\d+);@', function ($m) {
        return chr((int) $m[1]);
    }, $string);
}
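Added example, not part of any post in this thread: it handles the thread's question with a PDO prepared statement in place of mysql_real_escape_string() (the mysql_* extension was removed in PHP 7), undoing magic quotes first so the data is not escaped twice, and encoding for HTML at output time rather than stripping with regular expressions. The users table, the sample input, the helper name raw_input_value() and the in-memory SQLite DSN (needs the pdo_sqlite extension) are assumptions chosen so it runs offline.

```php
<?php
// Added example, not code from the thread. Table, column and helper names are hypothetical.

// Undo magic quotes when an old runtime applied them, so data is escaped exactly once.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
function raw_input_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Constructed sample input (in a real request this would come from $_POST):
// a quote that matters to the SQL layer, markup that matters to the HTML layer.
$submitted = "O'Reilly <script>alert(1)</script>";
$name = raw_input_value($submitted);

// In-memory SQLite keeps the example offline (assumption); the prepare/execute
// calls below are the same when the DSN points at MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// The driver handles the bound value as data, so the query needs no manual
// escaping function and no open mysql_* connection.
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute(array(':name' => $name));

$select = $db->prepare('SELECT name FROM users WHERE name = :name');
$select->execute(array(':name' => $name));
$stored = $select->fetchColumn();

// Check that the value round-trips unchanged: no added backslashes, nothing stripped.
var_dump($stored === $submitted);

// Encode for HTML when printing instead of trying to strip tags on input.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```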
