0

Is it still relevant to use get_magic_quotes_gpc to prevent database attacks? I wanted to strip the extra slashes if magic quotes was enabled.

if(get_magic_quotes_gpc()){
    // If magic quotes is enabled, strip the extra slashes
    array_walk_recursive($_GET,create_function('&$v,$k','$v = stripslashes($v);'));
    array_walk_recursive($_POST,create_function('&$v,$k','$v = stripslashes($v);'));
}

I looked at the PHP manual and saw that it was deprecated. I am unsure of what alternatives I could use or if there may be a tweak I am unaware of. I am still new to programming and learning different coding techniques. Any tips would be greatly appreciated.

NullUserException
Octavius

1 Answer

1

Use this

function mysql_prep($value)
{
    $magic_quotes_active = get_magic_quotes_gpc();
    $new_enough_php = function_exists("mysql_real_escape_string");
    if ($new_enough_php) { 
        // undo any magic quote effects so mysql_real_escape_string can do the work
        if ($magic_quotes_active) {
            $value = stripslashes($value);
        }
        $value = mysql_real_escape_string($value);
    } else { 
        // if magic quotes aren't already on then add slashes manually
        if (!$magic_quotes_active) {
            $value = addslashes($value);
        }
        // if magic quotes are active, then the slashes already exist
    }
    return ($value);
}

I would suggest you use a PDO prepared statement:

$q=$pdo->prepare("query where id=:id");
$q->execute(array(":id"=>1));
StaticVariable
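The prepared-statement approach suggested in the answer, as an added example that is not part of the original post: input containing quote characters is bound as a parameter, so no `stripslashes()`, `addslashes()` or `mysql_real_escape_string()` step is involved. It assumes the `pdo_sqlite` extension so it runs without a database server; the `users` table, its columns and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original answer.
// Assumptions: pdo_sqlite is available; table, columns and inputs are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed stand-ins for values that would arrive in $_POST['name'].
$inputs = array("O'Reilly", "x' OR '1'='1");

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($inputs as $name) {
    // The value travels separately from the SQL text, so it is never
    // escaped, unescaped or concatenated into the query string.
    $insert->execute(array(':name' => $name));
}

// Look up a row by a value that contains quote characters.
$needle = "x' OR '1'='1";
$select = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
$select->execute(array(':name' => $needle));
$rows = $select->fetchAll(PDO::FETCH_ASSOC);

// The bound value is compared as data: only the row holding that exact
// string may match, not every row in the table.
if (count($rows) !== 1 || $rows[0]['name'] !== $needle) {
    throw new RuntimeException('bound parameter was not treated as data');
}

// The stored value must equal the input, with no backslashes added.
$check = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$check->execute(array(':id' => 1));
if ($check->fetchColumn() !== $inputs[0]) {
    throw new RuntimeException('stored value differs from input');
}

echo "parameters were bound as data; stored values are unmodified\n";
```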