I am not too sure what this code does. Can someone help me, please?
I know it starts a session, but what is all that extra validation?
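// start the session
session_start();
// only add slashes when magic quotes has not already done so
if (!get_magic_quotes_gpc()) {
    if (isset($_POST)) {
        // escape and trim every submitted POST value
        foreach ($_POST as $key => $value) {
            $_POST[$key] = trim(addslashes($value));
        }
    }
}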
The function first checks if magic quotes is enabled with get_magic_quotes_gpc(). Magic quotes automatically escapes some special characters needed for user-submitted data to be safe to save to a database.
If magic quotes is turned off, the function then escapes all special chars in the $_POST HTTP vars.
The function trim just removes white space and new lines, \n, from the beginning and end of each string $_POST var.
So essentially the function emulates magic quotes turned on, on any PHP configuration.
I don't believe this is a good practice. First off, you don't need to escape every single $_POST, $_GET, $_COOKIE var, only those you will be saving to a SQL db, and those you will use in a SQL query.
Also, each SQL db needs its data escaped differently.
A better approach would be to use one of the MySQL library functions such as mysql_real_escape_string.
To use this function you need to have an open MySQL connection.
See:
http://us3.php.net/mysql_real_escape_string
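
Added example, not part of the original posts: it shows the two points made in the answer above, that blanket escaping alters fields that never reach a query and that backslash escaping is wrong for a database with different quoting rules. It assumes PHP with the sqlite3 extension, uses SQLite as the stand-in "other" database, and the function name blanket_escape and the sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Input values are constructed.
// Assumes the sqlite3 extension; SQLite stands in for "a different database".

// The snippet from the question, wrapped in a function (hypothetical name).
function blanket_escape(array $post): array
{
    foreach ($post as $key => $value) {
        if (is_string($value)) {          // addslashes() only accepts strings
            $post[$key] = trim(addslashes($value));
        }
    }
    return $post;
}

$post    = ['name' => " O'Brien ", 'path' => 'C:\\temp'];  // constructed sample
$blanket = blanket_escape($post);

// 1. Every field is altered, including ones that never reach a query.
echo "name after blanket escape: {$blanket['name']}\n";
echo "path after blanket escape: {$blanket['path']}\n";

$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE users (name TEXT)');

// 2. Backslash escaping is not valid for SQLite, which escapes a single
//    quote by doubling it, so the statement fails to parse.
try {
    $db->exec("INSERT INTO users (name) VALUES ('{$blanket['name']}')");
    echo "blanket-escaped insert: accepted\n";
} catch (Exception $e) {
    echo "blanket-escaped insert: rejected ({$e->getMessage()})\n";
}

// 3. Escape at the point of use, with the function that belongs to the
//    database in use (mysql_real_escape_string plays this role for MySQL
//    in the answer above).
$name    = trim($post['name']);
$escaped = SQLite3::escapeString($name);
$db->exec("INSERT INTO users (name) VALUES ('$escaped')");

$stored = $db->querySingle('SELECT name FROM users');
echo "stored value matches input: ", var_export($stored === $name, true), "\n";
```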