Re: Relatively simple PHP function to block sql injection

"Jacob Kruger" <jacobk@xxxxxxxxxxxxxx> wrote in message 
news:000301ca15cf$b71e72c0$6401a8c0@xxxxxxxxxxxxxxxxx
> Ok, now got this from w3schools.com:
>
> function check_input($value)
> {
> // Stripslashes
> if (get_magic_quotes_gpc())
>  {
>  $value = stripslashes($value);
>  }
> // Quote if not a number
> if (!is_numeric($value))
>  {
>  $value = "'" . mysql_real_escape_string($value) . "'";
>  }
> return $value;
> }
>
> Will test it a bit, and see how it goes, but basically makes sense.

A better name for this function would be e.g. ensure_escaped_string.

Additionally, the function assumes that you pass it an already quoted value 
if get_magic_quotes_gpc() == true.
I think it is better to separate the unquoting and factor it out into a 
separate function, unquoting all superglobal arrays that can contain quoted 
values ($_POST, $_GET, $_COOKIE).
This is what I do in my scripts: wherever you use the function, you can be 
sure that the value passed is definitely unquoted.


Klaus Triendl 
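The separation Klaus describes, as an added example (not code from the thread or from w3schools): one function undoes magic_quotes_gpc across the input superglobals once per request, so the escaping helper, named ensure_escaped_string as suggested above, can assume unquoted input. It uses mysqli instead of the mysql_* functions in the quoted snippet (the mysql extension was removed in PHP 7) and assumes an open mysqli connection $db; the $_POST-shaped array at the bottom is constructed for the demonstration, not a real request. The numeric-or-quoted rule of the original function is kept.

```php
<?php
// Added example, not from the thread. Undoing magic_quotes_gpc is factored out
// of the escaping helper, as Klaus suggests. Runs on PHP 5.x through 8.x:
// get_magic_quotes_gpc() no longer exists in PHP 8, so it is probed first.

/**
 * Recursively undo magic_quotes_gpc escaping on a value or nested array.
 * Magic quotes slash-escaped array keys as well as values, so both are restored.
 */
function strip_magic_quotes_deep($value)
{
    if (!is_array($value)) {
        return is_string($value) ? stripslashes($value) : $value;
    }
    $clean = array();
    foreach ($value as $key => $item) {
        $cleanKey = is_string($key) ? stripslashes($key) : $key;
        $clean[$cleanKey] = strip_magic_quotes_deep($item);
    }
    return $clean;
}

/**
 * Call once at the very top of the request, before any input is read.
 * Afterwards every entry in $_GET, $_POST, $_COOKIE and $_REQUEST is the raw
 * value the client sent, whatever the magic_quotes_gpc setting was.
 * Returns true if anything had to be stripped.
 */
function undo_magic_quotes_gpc()
{
    // PHP 5.4+ has no magic quotes; the probe function is gone in PHP 8.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return false;
    }
    $_GET     = strip_magic_quotes_deep($_GET);
    $_POST    = strip_magic_quotes_deep($_POST);
    $_COOKIE  = strip_magic_quotes_deep($_COOKIE);
    $_REQUEST = strip_magic_quotes_deep($_REQUEST);
    return true;
}

/**
 * Escape (and quote, unless numeric) a value for interpolation into a MySQL
 * statement. Assumes the input is NOT already slash-escaped, which
 * undo_magic_quotes_gpc() guarantees, and an open mysqli connection $db
 * (assumed to exist; the thread's snippet used the old mysql_* functions).
 */
function ensure_escaped_string(mysqli $db, $value)
{
    if ($value === null) {
        return 'NULL';
    }
    if (is_numeric($value)) {
        return (string) $value;
    }
    return "'" . $db->real_escape_string((string) $value) . "'";
}

// Demonstration with constructed input (no web server or database needed):
// this is what $_POST looked like under magic_quotes_gpc for name=O'Brien.
$simulated_post = array(
    'name' => addslashes("O'Brien"),            // addslashes gives O\'Brien
    'tags' => array(addslashes('a"b'), '42'),   // nested arrays are common
);
$restored = strip_magic_quotes_deep($simulated_post);
if ($restored['name'] !== "O'Brien" || $restored['tags'][0] !== 'a"b') {
    throw new RuntimeException('magic quotes were not fully undone');
}
echo 'restored name: ', $restored['name'], "\n";

// In a real request: undo_magic_quotes_gpc() first, then build statements with
// ensure_escaped_string($db, $_POST['name']). Without the first step the value
// is escaped twice and the literal text O\'Brien ends up in the table.
```

Calling undo_magic_quotes_gpc() in one shared include, before anything touches the superglobals, is what makes the assumption in ensure_escaped_string hold everywhere; the double-escaping case in the last comment is exactly what the original function was silently trying to avoid with its stripslashes branch. On any PHP from 5.4 on, prepared statements (mysqli or PDO) remove the need for string escaping altogether and are the better default.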



-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

