Leave magic quotes disabled, as in its original setting.
Use your own function to escape query information.
I am using the following functions:
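    // Clean a value for display: trim whitespace, undo slash-escaping, drop HTML tags.
    function filterString($value=''){
        $value = trim($value);
        $value = stripslashes($value);
        $value = strip_tags($value);
        return $value;
    }

    // Prepare a value for a query: trim, drop HTML tags, then add slashes
    // only when magic_quotes_gpc has not already added them.
    function addSlashString($value=''){
        $value = trim($value);
        $value = strip_tags($value);
        if (!get_magic_quotes_gpc()) {
            $value = addslashes($value);
        }
        return $value;
    }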
Regards,
Milind B. Patil
Sr. Developer
Embitel/dmc Systems India Pvt. Ltd
Unit No. G002, Gamma Block, Sigma Soft-Tech Park
Varthur Hobli, Bangalore-560066, Karnataka, India
Mobile: 09972344118
milind.kp@...
mkumarpatil@...
--- On Tue, 2/6/09, Rohan Prabhu <rohan@...> wrote:
From: Rohan Prabhu <rohan@...>
Subject: Re: [in-phpug] magic_quotes_gpc
To: in-phpug@yahoogroups.com
Date: Tuesday, 2 June, 2009, 11:44 PM
Not really. Generally, magic quotes is switched off (because it can
cause unwanted changes to data at times). Also, in PHP6, magic quotes is
going to be disabled. Given all this, switch magic quotes off and handle
each and every query that runs to the database. This is achieved by
using a custom-made function that handles every query before it is sent
to the database server for querying.
abhishek jain wrote:
>
> Hi,
> I want to know a bit about SQL injection.
> If on my server I have in php.ini
>
> magic_quotes_gpc = On
>
> Is this sufficient for preventing SQL injection?
> Please advise.
>
> Early replies will be appreciated.
> Thanks,
>
> --
> Regards,
> Abhishek jain
>
>
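Added example, not part of the original posts: it shows why quote escaping alone (magic_quotes_gpc or addslashes) does not answer the question asked in this thread, next to a version that validates the value and binds it as a parameter. It uses PDO prepared statements rather than the addslashes-based functions posted above; the in-memory SQLite table, its rows and all function names are constructed for illustration.

```php
<?php
// Added example. Table, rows and function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Escaping only: what magic_quotes_gpc or addslashes() gives you.
function findByIdEscaped(PDO $db, string $id): array
{
    $id = addslashes(trim($id));
    // The value lands in an unquoted numeric position, so backslash-escaping
    // quotes does not stop it from being parsed as SQL.
    $sql = "SELECT name FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Validation plus a bound parameter: the value never becomes SQL text.
function findByIdBound(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];                      // reject anything that is not a plain integer
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Bound string parameter: stored byte-for-byte, no slashes added to the data.
function addUser(PDO $db, string $name): string
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    $id = (int) $db->lastInsertId();
    return $db->query("SELECT name FROM users WHERE id = $id")->fetchColumn();
}

// Constructed request values, as they might arrive in $_GET / $_POST.
$crafted = '1 OR 1=1';                    // contains no quote characters at all
var_dump(findByIdEscaped($db, $crafted)); // condition is executed as SQL
var_dump(findByIdBound($db, $crafted));   // rejected before reaching the database
var_dump(findByIdBound($db, '1'));        // normal lookup still works
var_dump(addUser($db, "O'Brien"));        // apostrophe kept, nothing corrupted
```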