get_magic_quotes_gpc PHP Function & data filtering

get_magic_quotes_gpc()

There is a PHP feature or function called as magic quotes that was created to help protect newbie programmers from writing bad form processing code. Magic quotes will automatically escape risky form data that might be used for SQL Injection with a backslash \.

The characters escaped by PHP magic quotes includes : quote ‘, double quote “, backslash \ and NULL characters.

You need to check to see if you have magic quotes enabled on you server. The get_magic_quotes_gpc function will return a 0 (off) or a 1 (on).

<?php
/*  function to insert the data in database safely */
function filter($str)
{
	$str = trim($str);
	if (!get_magic_quotes_gpc()) {
		return addslashes($str);
	} else {
		return $str;
	}
}
?>

Get back data from database and remove the filter (to remove the slashes).

<?php
/*  function to remove the slashes that was the added during the data insertion in database */
function remove_filter($str)
{
	return stripcslashes($str);
}
?>

In the later version of PHP 5.4 or later it will always returns FALSE because the magic quotes feature was removed.

We can get_magic_quotes_gpc will deprecated in later versions of PHP.

ScriptArticle.com

Home → Coding & Programming

get_magic_quotes_gpc PHP Function & data filtering

Post by Mahesh Yadav

Home → Coding & Programming

get_magic_quotes_gpc PHP Function & data filtering

Marquee tag in HTML and its attributes

PHP: Simple function to encode and decode string in php

Post by Mahesh Yadav

Recommended Posts for You

MySQL vs MongoDB: Comparison Between RDBMS and Document Oriented DB

How to import an SQL file using command line in MySQL?

MySQL Interview Questions & Answers