2012-05-25, 11:15 PM
2012-06-17, 09:30 AM
I was studying this in more depth and learnt a few more things. Instead of the example I showed previously, could I directly use some code first, like:
function check_input($value)
{
    // Undo the slashes added by magic quotes, if they are enabled
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Escape the value for use in a query if it is not a number
    if (!is_numeric($value)) {
        $value = mysql_real_escape_string($value);
    }
    return $value;
}
Then in POST function, I make a check like:
$name = check_input($_POST['name']);
So that would be a little short and check for both, magic quotes and escape string as well.
That would be fine as well?
2012-06-17, 01:41 PM
Using mysql_real_escape_string() would be enough. Magic quotes are a PITA and should always be disabled.
2012-06-17, 01:44 PM
Ah, so it'd be cool to bypass using them? Won't create any difference then?
Cheers.
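The effect of magic quotes on the check_input() logic discussed in this thread, as an added example that is not part of any post. Assumptions: addslashes() stands in for what magic quotes did to request data, and sql_escape(), stored_value(), the $magicQuotesOn parameter and the users table are hypothetical, introduced so the code runs on current PHP without a database.

```php
<?php
// Added example: runs offline on current PHP, no database needed.
// Assumptions: addslashes() stands in for what magic_quotes_gpc did to request
// data; sql_escape() and stored_value() are hypothetical helpers, not PHP APIs.

// Escapes the characters mysql_real_escape_string() documents:
// NUL, \n, \r, backslash, single quote, double quote, Ctrl-Z.
function sql_escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// The thread's check_input() logic, with the magic-quotes state passed in
// because get_magic_quotes_gpc() no longer exists in PHP 8.
function check_input(string $value, bool $magicQuotesOn): string
{
    if ($magicQuotesOn) {
        $value = stripslashes($value);
    }
    return is_numeric($value) ? $value : sql_escape($value);
}

// Approximates how the server reads a quoted literal back into data.
// Good enough for the sample below, which contains only a single quote.
function stored_value(string $escaped): string
{
    return stripslashes($escaped);
}

$typed = "O'Reilly";          // constructed sample: what the user typed
$post  = addslashes($typed);  // what $_POST held with magic quotes on

$cases = [
    'magic quotes on, escape only'       => sql_escape($post),
    'magic quotes on, strip then escape' => check_input($post, true),
    'magic quotes off, escape only'      => check_input($typed, false),
];

foreach ($cases as $label => $escaped) {
    // The escaped value is only safe inside the quoted literal built here.
    $sql = "INSERT INTO users (name) VALUES ('" . $escaped . "')";
    $ok  = stored_value($escaped) === $typed ? 'intact' : 'corrupted';
    printf("%-36s %s\n    stored name is %s\n", $label, $sql, $ok);
}
```

Only the first case stores a stray backslash: escaping on top of magic quotes double-escapes the value, which stripping the slashes first, or disabling magic quotes, avoids.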