@ShrineDesigns Mar 12.2005 — #Adding slashes or using mysql_escape_string() is a good idea
[code=php]
// Add slashes to each POST value unless magic_quotes_gpc has already done so.
foreach ($_POST as $k => $v) {
    $_POST[$k] = (!get_magic_quotes_gpc()) ? addslashes($v) : $v;
}
[/code]
@AdamGundry Mar 12.2005 — #Another tip is to accept user input as an integer where possible, then convert it with intval(). The basic principle is to choose what users are allowed to enter, rather than trying to disallow all dangerous stuff.
@ShrineDesigns Mar 12.2005 — #[QUOTE][i]Originally posted by bokeh [/i]
[B]"magic quotes GPC on" can also help neutralise bogus form data. [/B][/QUOTE]
magic_quotes_gpc automatically adds slashes to $_GET, $_POST, and $_COOKIE data.
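An added example, not part of any post in this thread, of the allowlist principle from AdamGundry's reply: an integer field is accepted only if the whole string is an integer in range, and a sort column only if it is on a fixed list. The table, field names and `SORT_COLUMNS` are hypothetical; it assumes PHP 8 with the pdo_sqlite extension, and it binds the integer as a PDO parameter rather than using the escaping functions discussed above.

```php
<?php
declare(strict_types=1);

const SORT_COLUMNS = ['name', 'created'];   // hypothetical allowlist

// Whole-string integer in [$min, $max], else null. intval('2abc') would give 2.
function allowedInt(mixed $raw, int $min, int $max): ?int
{
    if (!is_string($raw)) {   // missing fields and arrays (id[]=1) are rejected
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

function allowedSort(mixed $raw): ?string
{
    return is_string($raw) && in_array($raw, SORT_COLUMNS, true) ? $raw : null;
}

function findUsers(PDO $db, array $input): array
{
    $minId = allowedInt($input['min_id'] ?? null, 1, PHP_INT_MAX);
    $sort  = allowedSort($input['sort'] ?? null);
    if ($minId === null || $sort === null) {
        throw new InvalidArgumentException('input not on the allowlist');
    }
    // $sort is one of our own constants, so it may appear in the SQL text;
    // the integer travels as a bound parameter, never as part of the string.
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id >= :min ORDER BY $sort");
    $stmt->bindValue(':min', $minId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, created TEXT)');
$db->exec("INSERT INTO users (name, created) VALUES ('bob', '2005-03-01'), ('alice', '2005-03-12')");

// Constructed inputs standing in for $_POST.
$samples = [
    ['min_id' => '1', 'sort' => 'name'],        // accepted
    ['min_id' => '2abc', 'sort' => 'name'],     // not an integer
    ['min_id' => '1', 'sort' => 'password'],    // column not on the list
];
foreach ($samples as $input) {
    try { echo json_encode(findUsers($db, $input)), "\n"; }
    catch (InvalidArgumentException $e) { echo 'rejected: ', json_encode($input), "\n"; }
}
```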