Menu
Community /Pin to ProfileBookmark
@NogDogNov 18.2008 — #You can take it one step further and undo the "damage" if it's turned on:
Of course, it will be more efficient if you can explicitly turn it off in your configuration and not have to do this extra processing. ?
mysql_real_escape_string
Hi I’m doing some php security and have been reading up on using mysql_real_escape_string instead of addslashes. Apparently mysql_real_escape_string is more secure than addslashes and you don’t have to decode your database entries when you want to call them back out – this only works however if you have magic_quotes_gpc turned off. So my question is how do you test to see if it’s working??
Sorry if it’s a stupid question!
Sign in
to post a comment2 Comments(s) ↴
0
@NogDogNov 18.2008 — #You can take it one step further and undo the "damage" if it's turned on:[code=php]
if(get_magic_quotes_gpc())
{
function undo_magic_quotes(&$val, $key)
{
$val = stripslashes($val);
}
if($_POST) { array_walk_recursive($_POST, 'undo_magic_quotes'); }
if($_GET) { array_walk_recursive($_GET, 'undo_magic_quotes'); }
if($_COOKIE) { array_walk_recursive($_COOKIE, 'undo_magic_quotes'); }
}
[/code]Of course, it will be more efficient if you can explicitly turn it off in your configuration and not have to do this extra processing. ?