MyBB Community Forums

Full Version: Intval & escape string usage.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3
(2012-05-25, 11:12 PM)Frank.Barry Wrote: [ -> ]Yes I am, sorry lol slap me quick lol

It's fine, everyone has their blonde moments. Smile
I was studying in more deep about this and learnt more few things. Instead of example I showed previously, could I directly use some code first, like:

function check_input($value)
    // Stripslashes
    if (get_magic_quotes_gpc()){
		$value = stripslashes($value);
    // Quote if not a number
    if (!is_numeric($value)){
		$value = mysql_real_escape_string($value);
    return $value;

Then in POST function, I make a check like:

$name = check_input($_POST['name']);

So that would be a little short and check for both, magic quotes and escape string as well.

That would be fine as well? Smile
Using mysql_real_escape_string() would be enough. Magic quotes are a PITA and should always be disabled.
Ah, so it'd would be cool to bypass using them? Won't create any difference then?

Pages: 1 2 3