Am not too sure what this code does can someone help me please?
I know it starts a session but what all that xtra validation?

// start the session
session_start();


if (!get_magic_quotes_gpc()) {
if (isset($_POST)) {
foreach ($_POST as $key => $value) {
$_POST[$key] = trim(addslashes($value));
}
}

Edited 3 Years Ago by happygeek: fixed formatting

It "escapes" certain characters. You need to look at the "addslashes" procedure to get a complete picture.

The function first checks if magic quotes is enabled with get_magic_quotes_gpc(). magic quotes automatically escapes some special characters needed for user submitted data to be safe to save to a database.

If magic quotes is turned off, the function then escapes all special chars in the $_POST http vars.

the function trim just removes white space and new lines, \n, from the beginning and end of each string $_POST var.

So essentially the function emulates magic qoutes turned on on any php configuration.

I dont believe this is a good practise. First off, you dont need to escape every single $_POST, $_GET, $_COOKIE var, only those you will be saving to a sql db, and those you will use in an sql query.

Also each sql db needs its data escaped differently.
A better approach would be to use one of the mysql library functions such as mysql_real_escape_string.

To use this function you need to have an open mysql connection.

see here

Edited 3 Years Ago by happygeek: fixed formatting

This article has been dead for over six months. Start a new discussion instead.