Am not too sure what this code does can someone help me please?
I know it starts a session but what all that xtra validation?

// start the session

if (!get_magic_quotes_gpc()) {
if (isset($_POST)) {
foreach ($_POST as $key => $value) {
$_POST[$key] = trim(addslashes($value));

Edited by happygeek: fixed formatting

12 Years
Discussion Span
Last Post by nike123

It "escapes" certain characters. You need to look at the "addslashes" procedure to get a complete picture.


The function first checks if magic quotes is enabled with get_magic_quotes_gpc(). magic quotes automatically escapes some special characters needed for user submitted data to be safe to save to a database.

If magic quotes is turned off, the function then escapes all special chars in the $_POST http vars.

the function trim just removes white space and new lines, \n, from the beginning and end of each string $_POST var.

So essentially the function emulates magic qoutes turned on on any php configuration.

I dont believe this is a good practise. First off, you dont need to escape every single $_POST, $_GET, $_COOKIE var, only those you will be saving to a sql db, and those you will use in an sql query.

Also each sql db needs its data escaped differently.
A better approach would be to use one of the mysql library functions such as mysql_real_escape_string.

To use this function you need to have an open mysql connection.

see here

Edited by happygeek: fixed formatting

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.