Quote:
|
Originally Posted by ScannerX
magic_quotes_gpc = On, this will automagically escape all quotes, taking essentially care of 90% of your SQL injection worries.
|
However, you shouldn't ever assume it's gonna be enabled on every machine. I'll share two functions that I use to escape quotes in data:
PHP Code:
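// Strips slashes only when magic_quotes_gpc is off
// (the same case in which my_addslashes() adds them).
if (!function_exists('my_stripslashes')) {
    function my_stripslashes($str) {
        if (!get_magic_quotes_gpc()) {
            return stripslashes($str);
        } else {
            return $str;
        }
    }
}

// Adds slashes only when magic_quotes_gpc has not already escaped the input.
if (!function_exists('my_addslashes')) {
    function my_addslashes($str) {
        if (!get_magic_quotes_gpc()) {
            return addslashes($str);
        } else {
            return $str;
        }
    }
}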
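An added example, not part of the original post or the poster's code: the same "don't rely on the server setting" idea, but undoing magic_quotes_gpc where it is present and passing the raw value as a bound parameter instead of escaping it. The `normalize_gpc` helper, the `users` table and the sample values are hypothetical, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Added example. normalize_gpc(), the users table and the inputs are hypothetical.

// Return the raw value whether or not the running PHP applies magic_quotes_gpc.
// The function_exists() check covers PHP 8+, where get_magic_quotes_gpc() is gone;
// @ silences the deprecation notice PHP 7.4 emits for it.
function normalize_gpc($value) {
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// In-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input, as it would arrive in $_POST['name']
// on a server with magic quotes off.
$samples = array(
    "O'Reilly",          // single quote
    'say "hi"',          // double quotes
    'C:\\temp',          // literal backslash
    "x' OR 'a'='a",      // would alter the query if concatenated into SQL
);

// The value travels separately from the SQL text, so no quote escaping
// is needed and none can be forgotten or applied twice.
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($samples as $raw) {
    $insert->execute(array(':name' => normalize_gpc($raw)));
}

// Read each value back and confirm it is stored byte-for-byte as submitted.
$select = $pdo->prepare('SELECT name FROM users WHERE name = :name');
foreach ($samples as $raw) {
    $select->execute(array(':name' => $raw));
    $stored = $select->fetchColumn();
    echo ($stored === $raw ? 'intact:  ' : 'changed: ') . var_export($stored, true) . PHP_EOL;
}

echo 'rows: ' . $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn() . PHP_EOL;
```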