Greetings!
I'm very much a beginner with PHP and I'm trying to make a little PM system for my project, but I have a big headache from magic quotes and SQL security.
My problem is with the message body.
I tried to use the following line to retrieve the information:
$body = mysqli_real_escape_string ($dbc, $_POST['body']);
But the server has magic-quotes activated and I get double escaping.
My question is: if I use only this code, would it be safe?
if (!empty($_POST['body'])) {
    $body = stripcslashes($_POST['body']);
}
else {
    $error_body = '<span class="error">Write something...</span>';
}
Or how can this be solved? Some servers do not have magic quotes activated.
And another big question:
No new lines are sent in the body of the message, so if I write two lines (new line = Enter) and send it by email, it will be only one line.
Thank you very much for your help!
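
An added example, not part of the original post: one way to handle a server that may or may not have magic quotes enabled is to undo the automatic escaping only when it was applied, then pass the raw body to the database as a bound parameter. The helper names and the `messages` table with its `recipient_id` and `body` columns are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Table and column names
// (messages, recipient_id, body) and both helper functions are hypothetical.

// Undo magic-quotes escaping only when the server actually applied it.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
function raw_input_value($value, $magicQuotesOn = null)
{
    if ($magicQuotesOn === null) {
        $magicQuotesOn = function_exists('get_magic_quotes_gpc')
            && @get_magic_quotes_gpc();
    }
    // stripslashes() reverses addslashes()-style escaping, which is what
    // magic quotes applies to request data.
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Store the message with a prepared statement: the body travels as bound
// data, separate from the SQL text, so no manual escaping is involved.
function save_message(mysqli $dbc, $recipientId, $body)
{
    $stmt = mysqli_prepare(
        $dbc,
        'INSERT INTO messages (recipient_id, body) VALUES (?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'is', $recipientId, $body);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Constructed sample input: the same two-line message as it would arrive
// with magic quotes on (quote escaped) and with magic quotes off.
$postedWithMq    = "It\\'s line one\nline two";
$postedWithoutMq = "It's line one\nline two";

$a = raw_input_value($postedWithMq, true);
$b = raw_input_value($postedWithoutMq, false);

// Compare the normalized values and check that the line break survived.
var_dump($a === $b);
var_dump(strpos($a, "\n") !== false);
```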