I am a beginner in php. I am running the final chapter project named Robin's Nest from the book "Learning PHP, MySQL and JavaScript with jQuery".

In the file function.php, the function sanitizeString raises the following deprecation error:

Deprecated: Function get_magic_quotes_gpc() is deprecated in C:\xampp2\htdocs\MyProjects\robinsnest\functions.php on line 42.

My version of php is 7.4.3 and I use Xampp on Windows 10 operating system. I checked the PHP manual for the function and saw that the function has been deprecated as of PHP 7.4.0.

How can I modify this function so that it doesn't use the deprecated function get_magic_quotes_gpc() and still gets equivalent functionality, as there seems to be no replacement function?

    function sanitizeString($var)
    {
        global $connection;
        $var = strip_tags($var);
        $var = htmlentities($var);
        if (get_magic_quotes_gpc())
            $var = stripslashes($var);
        return $connection->real_escape_string($var);
    }
halfer
Rilwan Smith
  • Just get rid of that whole `if` statement. – Barmar Apr 03 '20 at 23:27
  • Does this answer your question? [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Progman Apr 04 '20 at 07:30
  • Use prepared statements instead of string escaping - the latter misses some cases and can cause security vulnerabilities. – halfer Jun 06 '20 at 21:38
  • @halfer, when you run the Robin's Nest thing in localhost? Is it very slow? – deanstreet Dec 07 '20 at 06:59
  • @deanstreet: I think you intended your query for the author of this question, Rilwan Smith (my account is attached to the question because I edited it). – halfer Dec 07 '20 at 10:35
  • @Rilwan Smith When you run the Robin's Nest thing, do you find it very slow? – deanstreet Dec 07 '20 at 11:28
  • No, it wasn't slow. @deanstreet – Rilwan Smith Dec 08 '20 at 21:37
  • This question is not a duplicate; however, the other question is a duplicate of this question. This post was asked on April 3 2020, whereas the other post was asked on April 6 2020. – Rilwan Smith Aug 18 '21 at 00:58

1 Answer

Just get rid of the code that uses the function. It hasn't been relevant for many versions.

    function sanitizeString($var)
    {
        global $connection;
        $var = strip_tags($var);
        $var = htmlentities($var);
        return $connection->real_escape_string($var);
    }

Note that this sanitization is not appropriate to begin with. htmlentities() should only be used when you're displaying data on a web page, not when you're processing input. And $connection->real_escape_string() should only be used when substituting variables into a SQL string, but it's better to use prepared statements for this.

Barmar
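As an added example (not code from the question, the answer or the book), here are the two layers the answer describes, written for PHP 7.4 with mysqli: bound parameters replace real_escape_string() when the value is stored, and HTML encoding (htmlspecialchars(), used here for the same purpose as htmlentities()) happens only when the value is rendered. The comments table, its columns and the open $connection handle are assumptions; get_result() needs the mysqlnd driver, which is the default in PHP builds since 5.4.

```php
<?php
// Added example, not from the book. Assumes a hypothetical table
//   comments(id INT AUTO_INCREMENT PRIMARY KEY, author VARCHAR(64), body TEXT)
// and an open mysqli connection in $connection, as in the original code.
declare(strict_types=1);

// Storage layer: the value is never escaped or stripped. The ? placeholder keeps
// data separate from the SQL text, so quotes and backslashes in $author or $body
// cannot alter the statement. This is what replaces real_escape_string().
function saveComment(mysqli $connection, string $author, string $body): int
{
    $stmt = $connection->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->bind_param('ss', $author, $body);
    $stmt->execute();
    $id = (int) $connection->insert_id;
    $stmt->close();
    return $id;
}

// Reading back uses a bound parameter as well; the id is typed as an integer.
function loadComment(mysqli $connection, int $id): ?array
{
    $stmt = $connection->prepare('SELECT author, body FROM comments WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Output layer: encode only at the point where the text becomes HTML. Because the
// stored text is unchanged, the same row is still correct for JSON or plain text.
function renderComment(array $row): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<p><b>' . htmlspecialchars($row['author'], $flags, 'UTF-8') . '</b>: '
         . htmlspecialchars($row['body'], $flags, 'UTF-8') . '</p>';
}

// Usage with a constructed value that would have broken a string-built query
// and would have been rendered as markup without output encoding.
$id = saveComment($connection, "O'Brien", "<script>alert(1)</script> said \"hi\" \\ bye");
echo renderComment(loadComment($connection, $id)), PHP_EOL;
```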