inVINCEable Posted June 10, 2007

So here is my register.php, and as you can guess, it registers users for my site. My friend suggested I put in this little bit of code, saying it would take care of any input that was put in and any problems with the characters input by the user, such as backslashes, etc. Here is the code he said to include.

    function escape_data($data) {
        global $dbc; // connection from mysql_connect(), declared global
        // Undo magic_quotes_gpc slashes so the data is not escaped twice
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
        }
        return mysql_real_escape_string(trim($data), $dbc);
    }

Now he said I would be able to call escape_data anywhere throughout my website to run the string through this function. Any input on this technique is greatly appreciated.

inVINCEable Posted June 10, 2007

Nobody has a comment on this?

Hypnos Posted June 10, 2007

Your friend is right. Using something like that helps against SQL injection. Just make sure you call it in your queries. Like:

    $query = 'SELECT * FROM `table` WHERE `user` = \'' . escape_data($_POST['username']) . '\'';
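
The registration insert and the username lookup discussed above, written with PDO prepared statements instead of string escaping, as an added example that is not part of any post in this thread. It swaps in a different technique because the `mysql_*` functions and `magic_quotes_gpc` used by `escape_data` were removed in later PHP versions. Assumptions: the `users` table, its columns, and the function names are hypothetical, and an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for the MySQL connection so the script runs offline.

```php
<?php
// Added example: table, column and function names are hypothetical.
// An in-memory SQLite database stands in for the thread's MySQL link ($dbc).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, email TEXT)');

// Registration: values are bound as parameters, never concatenated into SQL,
// so quotes and backslashes in the input need no escaping step.
function register_user(PDO $pdo, string $user, string $email): int
{
    $stmt = $pdo->prepare('INSERT INTO users (user, email) VALUES (:user, :email)');
    $stmt->execute([':user' => trim($user), ':email' => trim($email)]);
    return (int) $pdo->lastInsertId();
}

// Lookup: the counterpart of the SELECT in the reply above.
function find_user(PDO $pdo, string $user): ?array
{
    $stmt = $pdo->prepare('SELECT id, user, email FROM users WHERE user = :user');
    $stmt->execute([':user' => trim($user)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input: names containing the characters the thread
// worries about (a single quote, a backslash, surrounding whitespace).
$samples = ["O'Brien", 'back\\slash', '  padded  '];

foreach ($samples as $name) {
    $id  = register_user($pdo, $name, 'user@example.com');
    $row = find_user($pdo, $name);
    // The stored value must equal the trimmed input byte for byte.
    $ok  = $row !== null && $row['user'] === trim($name) && (int) $row['id'] === $id;
    printf("%-12s stored as %-12s %s\n",
        var_export($name, true),
        var_export($row['user'] ?? null, true),
        $ok ? 'round-trip ok' : 'MISMATCH');
}

// A name that was never registered returns null rather than a row.
var_dump(find_user($pdo, 'nobody'));
```

With bound parameters the stored value is the user's input unchanged, so any HTML escaping still has to happen separately when the value is displayed.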