Because I'm asking whether these functions work, I selected this forum for my post
If I have a large website with lots of form data, I have to use mysql_real_escape_string for each form field.
I saw a code somewhere that seems to do all
For example if I include connect.php at the first line of all my php files, and put this code in connect.php, will that be enough?
What do you think?
Code: Select all
$db = mysql_connect("localhost", "user", "pass") or die("Could not connect.");
if(!$db)
die("no db");
if(!mysql_select_db("board",$db))
die("No database selected.");
if(!get_magic_quotes_gpc())
{
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}
else
{
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);
$_COOKIE = array_map('stripslashes', $_COOKIE);
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}