Greg Donald wrote:
On 5/30/07, Richard Lynch <ceo@xxxxxxxxx> wrote:
You want to use mysql_escape_string, and NOT addslashes and NOT Magic
Quotes.
function slashes( $var )
{
if( is_array( $var ) )
{
return array_map( 'slashes', $var );
}
else
{
return mysql_real_escape_string( $var );
}
}
Say I wanted to use this on something other than $_GET, $_POST, & $_COOKIE?
Would it not be better practice to do this the other way around?
function slashes ( $var ) {
if ( is_scalar($var) ) {
return mysql_real_escape_string( $var );
} else {
return array_map( 'slashes', $var );
}
}
This way, even if someone passes something that is not an array, but
still not processable by mysql_real_escape_string(), it won't foul up
the processor.
set_magic_quotes_runtime( 0 );
if( get_magic_quotes_gpc() == 0 )
{
$_GET = isset( $_GET )
? array_map( 'slashes', $_GET )
: array();
$_POST = isset( $_POST )
? array_map( 'slashes', $_POST )
: array();
$_COOKIE = isset( $_COOKIE )
? array_map( 'slashes', $_COOKIE )
: array();
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
