abdacted Posted July 3, 2011 Share Posted July 3, 2011 Hello everybody I have read some of "PHP for the World Wide Web: Visual QuickStart Guide" and Larry writes there to use stripslashes() function and mysqli_real_escape_string() while magicquote is running - as far as I remember. But the autor didn't tell why using these functions is better than keeping magicquotes running and not using those two above functions. Is it better to us those functions instead of magicquotes? Currently the server that I use uses magic quotes - though I can switch it to off. So I use neither stripslashes() nor mysqli_real_escape_string(). Am I right doing so? thanks in advance. Link to comment Share on other sites More sharing options...
Jonathon Posted July 3, 2011 Share Posted July 3, 2011 No, you shouldn't rely on magic_quotes at all. Magic quotes are now deprecated from PHP version 5.30, you can read what they are, why they were used and why not to use them at the link give too. Link to comment Share on other sites More sharing options...
abdacted Posted July 3, 2011 Author Share Posted July 3, 2011 Thanks for literature. I'm using magic quotes for now, and I wonder why there is no slash when I send from a form field "O'Connor" into data base. The data base displays: "O'Connor" not "O\'Connor". Hmm... Any hint for me please. Link to comment Share on other sites More sharing options...
Larry Posted July 4, 2011 Share Posted July 4, 2011 The slash is never stored, it's just used to prevent the query from breaking. Link to comment Share on other sites More sharing options...
abdacted Posted July 4, 2011 Author Share Posted July 4, 2011 I see. Thank you. So it appears that any MySQL database has a function that escapes every slash that is sent into? Link to comment Share on other sites More sharing options...
Larry Posted July 5, 2011 Share Posted July 5, 2011 I'm not exactly sure what you're asking here but it sounds like you're not quite grasping it. Link to comment Share on other sites More sharing options...
Recommended Posts