>I am trying to make my PHP safe against malicious data user inputs.
>Reading up on this most people suggest using addslashes(), magic_quotes
>on and other things like mysql_escape_string();
>
>But I have been running into the problem that I mess up the user's input
>because I use more than one of these functions in succession on the data.
>
>Is there any way to prevent the "re-escaping"/"re-slashing" of data that
>has already been escaped or slashed?

There are functions to determine if Magic Quotes are on or not. So, you would do:

    function maybe_addslashes($text = ''){
      // With magic_quotes_gpc on, PHP has already slashed the input; leave it alone
      if (ini_get('magic_quotes_gpc')){
        $result = $text;
      }
      else{
        $result = addslashes($text);
      }
      return $result;
    }

This is not nearly enough to stop 'malicious' data -- It simply makes it easier to insert the data they have provided to a database...

-- 
Like Music? http://l-i-e.com/artists.htm
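
Added example, not part of the original thread: the re-slashing problem from the question, and one way around it by undoing the automatic slashing once at the input boundary and then passing the raw value to the database as a bound parameter. `raw_input()` and its `$magicQuotesOn` flag are hypothetical (the flag stands in for `ini_get('magic_quotes_gpc')` so the script behaves the same on any PHP version), the sample string is constructed, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Constructed sample: what the user typed, and what the script receives
// when magic_quotes_gpc is on (PHP has already applied addslashes()).
$typed   = "O'Reilly \\ Sons";
$arrived = addslashes($typed);

// The problem from the question: escaping data that is already escaped.
$double = addslashes($arrived);

// Hypothetical helper: return the value as the user typed it, whether or
// not PHP slashed it on the way in. Handles nested arrays such as $_POST.
function raw_input($value, $magicQuotesOn)
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = raw_input($item, $magicQuotesOn);
        }
        return $out;
    }
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Normalise once; everything after this point works with raw data only.
$raw = raw_input($arrived, true);

// Bound parameter: the driver carries the value separately from the SQL
// text, so no addslashes() or mysql_escape_string() call is needed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT)');
$stmt = $db->prepare('INSERT INTO people (name) VALUES (?)');
$stmt->execute(array($raw));
$stored = $db->query('SELECT name FROM people')->fetchColumn();

printf("typed          : %s\n", $typed);
printf("arrived        : %s\n", $arrived);
printf("escaped twice  : %s\n", $double);
printf("normalised     : %s\n", $raw);
printf("read from table: %s\n", $stored);
echo $stored === $typed ? "round trip intact\n" : "round trip altered\n";
```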