magic_quotes_gpc is deprecated? help

General PHP Help
#1

Hi everybody,

i am a PHP newbie, i have a web development projet and i need to know and understand php properly for that projet.

In php 5, magic_quotes_gpc() is deprecated and remove, what others function we can use to prevent sql injection.

So this is a function that i want to use in my proccess of preventing sql injection, but

get_magic_quotes_gpc() is deprecated. Is there another work around for this function. any tips and explaination will help. thanks

/=======THIS IS THE FUNCTION FROM THE PHP MANUAL
function quote_smart($value, $handle)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value)) {
$value = “’” . mysqli_real_escape_string($value, $handle) . “’”;
}
return $value;
}

//=======END OF FUNCTION FROM THE PHP MANUAL

#2

Prepared Statements

More than likely, you will also want to look at mysqli and PDO as well.

#3

magic_quotes was one of the biggest programming blunders ever developed. Like stated prepared statements is probably the answer you’re looking for.

#4

Hi everybody,
I am a php developer newbie. I really want to master php in my road on becoming a serious developer. I came to know that the

get_magic_quotes_gpc() function is deprecated in php 5.5 and removed. is there any function that could help in security?

Pleas take a look at this function and give your views. is this code good? Any tips and advise will help

function quote_smart($value, $handle)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value)) {
$value = “’” . mysql_real_escape_string($value, $handle) . “’”;
}
return $value;
}

thanks.

Sponsor our Newsletter | Privacy Policy | Terms of Service