Results 1 to 4 of 4
Thread: magic_quotes_gpc confusion
Mar 27, 2012, 05:25 #1
- Join Date
- Jun 2010
- 1 Post(s)
- 0 Thread(s)
I need some help getting this understood.
I got magic_quotes_gpc on by default on my host, and i cannot change it from anywhere, the only way i can change it is adding the stripslashes function, but in the same time i also must use mysql_real_escape.
So i came across a problem, i got a form where ppl can uplaod comments, each newline gets transferred to <br>, however the function nl2br fails to transfer anything after i use both functions above.
So i tried a few ways (all fail, need explanation on why and how to solve)
1) adding stripslashes and right after that mysql_real_escape
result: backslashes banish but nl2br function fails to add newlines.
2) using only mysql_real_escape
result: nl2br fails and backslashes are there.
3) using only stripslashes
result: nl2br success but regular backslashes added by the user are vanished, also as i read guides i see that its not safe not using mysql_real_escape, altho i dont know about the particular case where magic_quotes are on
4) using neither functions.
result: everything's get uploaded as expected, but same as 3, not sure about the security when mysql_escape is not used.