SQL Injection PHP

P: 17
Dear Friend,
Is get_magic_quotes_gpc() turned on or off, and where is that decided? Does it depend on the hosting server or the PHP version? One more: if get_magic_quotes_gpc() is turned on, that means I don't need to use precaution code like mysql_real_escape_string, addslashes etc. Am I correct or not? Please. Thanks.
Jan 27 '12 #1

Dormilich
Expert Mod 5K+
P: 8,639
you're not correct. addslashes() and mysql_real_escape_string() can escape different characters, just what PHP resp. MySQL deem necessary. I may also note that mysql_real_escape_string() (unlike Prepared Statements) can't prevent all SQL Injection attacks.
Jan 27 '12 #2

P: 17
@Dormilich
If get_magic_quotes_gpc() is turned on, why should I care about SQL injection? I think it'll take care of it all.
Jan 27 '12 #3

P: 17
Then what's the purpose of mysql_real_escape_string()?
Jan 27 '12 #4

Dormilich
Expert Mod 5K+
P: 8,639
ever thought about SQL Injections that ain’t based upon the ' ?

Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
answer enough?
Jan 27 '12 #5
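
An added example, not part of the thread: the quote-free case Dormilich points to above, next to the Prepared Statement mentioned in reply #2. It assumes PHP 7+ with the pdo_sqlite extension; the table, the input value and both helper functions are constructed for illustration, and addslashes() stands in for the escaping that magic_quotes_gpc applied to request data.

```php
<?php
// Added example: the table, rows and input value are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Hypothetical helper: builds the query by string concatenation and places the
// value in a numeric (unquoted) context, so quote escaping never comes into play.
function lookupConcatenated(PDO $pdo, string $id): array
{
    $sql = "SELECT name FROM users WHERE id = $id ORDER BY id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: prepared statement. The value is bound as data and is
// never parsed as SQL, whatever characters it contains.
function lookupPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ? ORDER BY id');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request value for a parameter the application expects to be an id.
$input = '0 OR 1=1';

// The value holds no quote, backslash or NUL byte, so there is nothing to escape.
$escaped = addslashes($input);

echo 'escaping changed the value: ', var_export($escaped !== $input, true), PHP_EOL;
echo 'concatenated:   ', json_encode(lookupConcatenated($pdo, $escaped)), PHP_EOL;
echo 'prepared:       ', json_encode(lookupPrepared($pdo, $input)), PHP_EOL;
echo 'prepared, id 2: ', json_encode(lookupPrepared($pdo, '2')), PHP_EOL;
```

The concatenated lookup treats the escaped value as part of the WHERE clause, while the prepared lookup compares the whole string against the id column.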

P: 17
Please, one more:
what are the dependencies for get_magic_quotes_gpc()?
Jan 27 '12 #6

P: 17
Please, one more:
what are the dependencies for get_magic_quotes_gpc() to turn on or off?
Jan 27 '12 #7

Dormilich
Expert Mod 5K+
P: 8,639
PHP 4 or PHP 5, as far as I can see in the manual.
Jan 27 '12 #8

P: 17
Thank you very much. Bye.
Jan 27 '12 #9
