which one will be better to use default magic quotes or user defined addslash/stripslash in PHP?
I want use the best one. please help me.
which one will be better to use default magic quotes or user defined addslash/stripslash
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
which one will be better to use default magic quotes or user defined addslash/stripslash in PHP?
I want use the best one. please help me.
neither.
magic quotes is the root of all evil! (in my eyes even worse than premature optimization xD)
and why do you want to create a user defined (
add|strip)slashes function, when there are native php ones?if you want to escape your date for a database use the database specific functions (e.g.
mysqli_real_escape_string)EDIT. to complete my answer (after debating with sadi in the comments):
if you want to display/output some input, use
htmlspecialcharsif you’re going to use your input in an URL, use
urlencodeso, there is no best or correct single way to encode your data. you have to use the right functions in the right place at the right time. each has its own purpose (see here: http://xkcd.com/163/)