Re: MySQL and PHP escaping, stripping and inserting

The87Boy wrote:
I read something about magic_quotes_gpc
Where I read they used both mysql_real_escape_string and addslashes

To read the data they then used stripslashes

magic_quotes_gpc is a "feature" where PHP would blindly modify all your input data hoping that you'll eventually use it all to compose strings using the MySQL syntax and omitting the escaping functions. When you happen to need something else with your data (e.g., print it on screen or insert it in Oracle) you're in trouble. It's dangerous, stupid and will be happily gone in PHP 6:

The best you can do is to disable it in your PHP setup. You can also add a previous check in your script and refuse to start if it's set:
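An added example, not code from the original post: a start-up guard that refuses to run when magic_quotes_gpc is on, followed by escaping applied per context (a PDO prepared statement for the database, htmlspecialchars for HTML) so nothing has to be stripped on read. Prepared statements are swapped in here for mysql_real_escape_string; the `users` table, the sample value and the in-memory SQLite DSN (a stand-in for a MySQL DSN, same PDO calls) are assumptions.

```php
<?php
// Added illustration; table name, sample input and DSN are hypothetical.

// ini_get() returns false where the directive no longer exists, so this
// guard is safe on any PHP version. FILTER_VALIDATE_BOOLEAN also copes
// with values such as "On" or "1".
function magic_quotes_active()
{
    return filter_var(ini_get('magic_quotes_gpc'), FILTER_VALIDATE_BOOLEAN);
}

if (magic_quotes_active()) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('magic_quotes_gpc is enabled; disable it in php.ini first.');
}

// Constructed sample standing in for a request parameter. With magic quotes
// off it arrives unmodified: no added backslashes to strip later.
$name = "O'Reilly <b>";

// SQLite in memory keeps the example self-contained; with MySQL only the
// DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');

// Database context: the value travels as a bound parameter and is never
// concatenated into the SQL string.
$stmt = $db->prepare('INSERT INTO users (name) VALUES (?)');
$stmt->execute(array($name));

// Reading back needs no stripslashes(): the stored bytes equal the input.
$stored = $db->query('SELECT name FROM users')->fetchColumn();
var_dump($stored === $name);

// HTML context: escape at output time, with the function for that context.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```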

