
SQL Injection PHP

harintfs
P: 16
Dear Friend,
Where is it decided whether get_magic_quotes_gpc() is turned on or off? Does it depend on the hosting server or the PHP version? One more thing: if get_magic_quotes_gpc() is turned on, that means I don't need to use precaution code like mysql_real_escape_string, addslashes, etc. Am I correct or not? Please. Thanks.
Jan 27 '12 #1



Dormilich
Expert Mod 5K+
P: 6,608
You’re not correct. addslashes() and mysql_real_escape_string() can escape different characters, just what PHP and MySQL, respectively, deem necessary. I may also note that mysql_real_escape_string() (unlike Prepared Statements) can’t prevent all SQL Injection attacks.
Jan 27 '12 #2

harintfs
P: 16
@Dormilich
If get_magic_quotes_gpc() is turned on, why should I care about SQL injection? I think it'll take care of it all.
Jan 27 '12 #3

harintfs
P: 16
Then what's the purpose of mysql_real_escape_string()?
Jan 27 '12 #4

Dormilich
Expert Mod 5K+
P: 6,608
Ever thought about SQL Injections that ain’t based upon the ' ?

Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
Answer enough?
Jan 27 '12 #5
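
The point made in replies #2 and #5, as an added example that is not part of the original thread: a value with no quote characters passes through escaping unchanged and still alters a query when it lands in an unquoted numeric context, while a bound parameter does not. It assumes PDO with an in-memory SQLite database rather than the mysql extension discussed above, uses addslashes() as a stand-in for magic quotes and mysql_real_escape_string(), and the table, inputs and the helpers find_escaped() and find_prepared() are hypothetical.

```php
<?php
// Added example. Table, rows and request values are constructed;
// find_escaped() and find_prepared() are hypothetical helpers.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Before: the value is escaped but lands in an unquoted numeric context.
// addslashes() stands in for magic quotes / mysql_real_escape_string():
// all of them only add backslashes, and this input has nothing to escape.
function find_escaped(PDO $pdo, string $id): array
{
    $escaped = addslashes($id);
    $sql = "SELECT name FROM users WHERE id = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: reject anything that is not an integer, then bind the value.
// A bound parameter is sent as data and is never parsed as SQL text.
function find_prepared(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and one containing no quote characters.
foreach (['2', '2 OR 1=1'] as $input) {
    printf("input %-10s escaped: %s | prepared: %s\n",
        "'$input'",
        json_encode(find_escaped($pdo, $input)),
        json_encode(find_prepared($pdo, $input)));
}
```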

harintfs
P: 16
Please, one more:
what are the dependencies for get_magic_quotes_gpc()?
Jan 27 '12 #6

harintfs
P: 16
Please, one more:
what are the dependencies for get_magic_quotes_gpc() to be turned on or off?
Jan 27 '12 #7

Dormilich
Expert Mod 5K+
P: 6,608
PHP 4 or PHP 5, as far as I can see in the manual.
Jan 27 '12 #8

harintfs
P: 16
Thank you very much. Bye.
Jan 27 '12 #9
