synical21 wrote: Hey gurus, as my host won't turn off magic quotes on the server I cannot use mysql real escape string, so I am using this function to try to avoid the slashes on a sign up form.
Is this method effective or not? If not I would appreciate any touch ups or ideas.
No, you should apply any regex BEFORE you md5 it. Once it's md5 it will definitely only be alpha numeric with no spaces or anything, that's the only thing md5 will replace... so basically your onlyLetters(md5()) is just taking longer because you do a regex that does nothing.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
I didn't use mysql_real_escape_string because the slashes in the database were annoying the hell out of me. Now, looking at the stripslashes solution, I'll happily use mysql_real_escape_string, makes my life a lot easier.
The slashes are gone now but the ' still remains when I checked the DB record, does mysql_real_escape_string do that? I'm not too sure how it works but I thought it would delete illegal characters such as '.
Why is that an illegal character? If you don't want ' I hope none of your fields contain text, because ' is used very frequently in text.
Oh yeah, good point lol, I wasn't thinking at all about the user, I was just thinking about how some people use ' in SQL injections, my bad lol. Looks like it is fixed then, thanks for your help all.
mysql_real_escape_string() adds slashes in front of bad characters such as '. Those slashes don't get stored, however, so the contents of the field are the same as the value before being run through mysql_real_escape_string(). The purpose is not to modify the value inserted into the database, but to allow any value to be safely inserted into the database.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
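The point made in the last reply, that the stored value is identical to the submitted one, shown as an added example that is not code from this thread. It swaps mysql_real_escape_string() for a PDO prepared statement (the replacement the deprecation notice above recommends) and assumes an in-memory SQLite database plus the hypothetical names normalize_input(), store_and_fetch() and members.

```php
<?php
// Added example, not code from the thread. Function and table names are hypothetical.

// Undo magic quotes only when the runtime actually applied them.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
function normalize_input(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Insert a name through a bound parameter, then read the stored value back.
function store_and_fetch(PDO $db, string $rawName): string
{
    $insert = $db->prepare('INSERT INTO members (name) VALUES (:name)');
    $insert->execute([':name' => normalize_input($rawName)]);

    $select = $db->prepare('SELECT name FROM members WHERE id = :id');
    $select->execute([':id' => (int) $db->lastInsertId()]);
    return (string) $select->fetchColumn();
}

// In-memory SQLite stands in for the MySQL database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample inputs containing quotes and a backslash.
$samples = ["O'Brien", "Rock 'n' Roll \\ fan"];
foreach ($samples as $sample) {
    $stored = store_and_fetch($db, $sample);
    printf("%-22s stored unchanged: %s\n", $sample, $stored === $sample ? 'yes' : 'no');
}

// Count the rows to confirm that both inserts were executed.
echo 'rows: ', $db->query('SELECT COUNT(*) FROM members')->fetchColumn(), "\n";
```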