MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Development > Intval & escape string usage.
Full Version: Intval & escape string usage.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3

Nathan Malcolm

2012-05-25, 11:15 PM
(2012-05-25, 11:12 PM)Frank.Barry Wrote: [ -> ]Yes I am, sorry lol slap me quick lol

It's fine, everyone has their blonde moments. Smile

crazy4cs

2012-06-17, 09:30 AM
I was studying in more deep about this and learnt more few things. Instead of example I showed previously, could I directly use some code first, like:

function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc()){
		$value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value)){
		$value = mysql_real_escape_string($value);
    }
    return $value;
}

Then in POST function, I make a check like:

$name = check_input($_POST['name']);

So that would be a little short and check for both, magic quotes and escape string as well.

That would be fine as well? Smile

Nathan Malcolm

2012-06-17, 01:41 PM
Using mysql_real_escape_string() would be enough. Magic quotes are a PITA and should always be disabled.

crazy4cs

2012-06-17, 01:44 PM
Ah, so it'd would be cool to bypass using them? Won't create any difference then?

Cheers.
Pages: 1 2 3
MyBB Community Forums > Extensions > Plugins > Plugin Development > Intval & escape string usage.