Zaid Posted April 6, 2007

and magic quotes runtime is switched OFF? if the answer is yes, then can you please tell me why?

MadTechie Posted April 6, 2007

with magic quotes off, you will have to manually handle escaping special characters with mysql_real_escape_string() or addslashes().

Zaid Posted April 6, 2007 Author Share Posted April 6, 2007 with magic quotes off, you will have to manually handle escaping special characters with mysql_real_escape_string() or addslashes(). wicked, so there is no need for complex coding, especially considering that fact that mysql_real_escape_string can only be called when there is an active MySQL db connection. thanks Quote Link to comment Share on other sites More sharing options...
MadTechie Posted April 6, 2007

you will have to manually handle escaping special characters so be careful of SQL/HTML injection

i dislike magic quotes since they have a bug which allows a buffer overrun..

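An added example, not part of any post in this thread: handling the same input per context, with bound parameters for the SQL side and htmlspecialchars() on output, whether or not magic quotes is on. The in-memory SQLite database (pdo_sqlite assumed), the table, the helper names and the input values are constructed for illustration.

```php
<?php
// Added example. Hypothetical helper names; constructed sample input.

// If magic_quotes_gpc is on (only possible before PHP 5.4), undo it so the
// data is escaped exactly once, at the place where it is used.
function raw_input_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// HTML context: encode when writing into the page, not when storing.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed stand-ins for $_POST values.
$name = raw_input_value("O'Reilly");
$body = raw_input_value("<script>alert(1)</script> it's \"fine\"");

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, body TEXT)');

// SQL context: bound parameters keep the data out of the statement text,
// so no addslashes() / mysql_real_escape_string() call is involved.
$ins = $db->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');
$ins->execute(array(':name' => $name, ':body' => $body));

$sel = $db->prepare('SELECT name, body FROM comments WHERE name = :name');
$sel->execute(array(':name' => $name));
$row = $sel->fetch(PDO::FETCH_ASSOC);

// The stored value is the original string, quotes and tags included.
var_dump($row['body'] === $body);

// Quotes and angle brackets are emitted as entities, so the browser
// shows the text instead of interpreting it as markup.
echo '<p><b>' . h($row['name']) . '</b>: ' . h($row['body']) . "</p>\n";
```
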
$cripts Posted April 6, 2007

i found this a while back don't remember where from but even if magic quotes is enabled u still need to check everything a user inputs this will filter out everything

```php
function cleanstring($string)
{
    $search = array('@<script[^>]*?>.*?</script>@si', // Strip out javascript
                    '@<[\/\!]*?[^<>]*?>@si',          // Strip out HTML tags
                    '@([\r\n])[\s]+@',                // Strip out white space
                    '@&(quot|#34);@i',                // Replace HTML entities
                    '@&(amp|#38);@i',
                    '@&(lt|#60);@i',
                    '@&(gt|#62);@i',
                    '@&(nbsp|#160);@i',
                    '@&(iexcl|#161);@i',
                    '@&(cent|#162);@i',
                    '@&(pound|#163);@i',
                    '@&(copy|#169);@i');

    $replace = array('', '', '\1', '"', '&', '<', '>', ' ',
                     chr(161), chr(162), chr(163), chr(169));

    $string = preg_replace($search, $replace, $string);

    // Numeric entities (&#NNN;) become chr(NNN). The /e modifier
    // ("evaluate as php") was removed in PHP 7, so this step uses a callback.
    return preg_replace_callback('@&#(\d+);@', function ($m) {
        return chr((int) $m[1]);
    }, $string);
}
```