Hello Friends, am still having problem with mysql_real_escape_string in my forms. whether magic_quotes_gpc is On or Off, i still receive slashes in my entries. someone introduced this code mysql_real_escape_string(strip_tags($_POST['first_name'])); PHP: to me but stil end up in the same way. But i came up with the combination of these two $name2=stripslashes($_POST[name]); $sname=mysql_real_escape_string($name2); PHP: Pls can i use this or is there a better way of doing it?
You could create a function. <?php function protect($value){ $value = mysql_real_escape_string($value); $value = strip_tags($value); return $value; } $name = protect($_POST['first_name']); ?> PHP: Then you could just call out the protect function when you are using it to validate a field, its up to you. I hope it helps.
mysql_real_escape/-string will add slashes that are needed for making a string save to be stored in a db field. once it is saved you will no longer see the slashes
You have it right, the quick way would be mysql_real_escape_string(stripslashes($_POST['name'])); Code (markup): No need for a separate function.