In our last episode, <47eb5d4a$0$90274$14726298@news.sunsite.dk>, the lovely
and talented ndlarsen broadcast on comp.lang.php:
> Hello.
> It's been a while since I used php. Since then magic quotes has been
> deprecated and will be removed when php 6.0 hits. My question is, what
> should I be using when submitting data to a database instead? Which is
> better for security reasons, addslashes() or mysql_real_escape_string()?

See the best practices example in the article on mysql_real_escape_string in
the manual. For portability you need to check whether magic quotes are
on and reverse them if they are. If portability is not a concern and it is
your own machine, you can turn magic quotes off and save a few steps.
mysql_real_escape_string requires a database connection and will attempt to
establish one if it cannot find an explicit link or the default previous
link. The most convenient time, then, to apply it is just before entering
the data in the database.
--
Lars Eighner <http://larseighner.com/>
usenet@larseighner.com
Countdown: 299 days to go.
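
An added example, not part of the post above or of the PHP manual: one way to do what the reply describes on PHP 5.x with the old mysql extension, reversing magic quotes when they are on and escaping with an explicit link just before the INSERT. The connection details, the guestbook table, the form fields and the helper names post_value() and sql_quote() are assumptions made for illustration.

```php
<?php
// Added example for PHP 5.x with the old mysql extension discussed above.
// Host, credentials, database, table and field names are placeholders.

// Return one POST field as the raw string the user typed:
// magic quotes are reversed if the server has them switched on.
function post_value($key)
{
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';                      // missing or array-valued field
    }
    return get_magic_quotes_gpc() ? stripslashes($_POST[$key]) : $_POST[$key];
}

// Escape a value and wrap it in quotes for use as an SQL string literal.
// Passing $link explicitly avoids the implicit connection attempt.
function sql_quote($value, $link)
{
    $escaped = mysql_real_escape_string($value, $link);
    if ($escaped === false) {
        trigger_error('escape failed: ' . mysql_error($link), E_USER_ERROR);
    }
    return "'" . $escaped . "'";
}

$link = mysql_connect('localhost', 'app_user', 'app_password');
if (!$link || !mysql_select_db('app_db', $link)) {
    die('database unavailable');
}

// Work with the raw values throughout the script ...
$name    = post_value('name');
$comment = post_value('comment');
$age     = (int) post_value('age');     // numeric fields are cast, not escaped

// ... and escape only where the SQL text is built.
$sql = sprintf(
    'INSERT INTO guestbook (name, comment, age) VALUES (%s, %s, %d)',
    sql_quote($name, $link),
    sql_quote($comment, $link),
    $age
);

if (!mysql_query($sql, $link)) {
    error_log('insert failed: ' . mysql_error($link));
}
```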