magic_quotes_gpc or mysql_escape_string

sidsel

If I have magic_quotes_gpc ON do I need to worry about my mysql insertions?

Can magic_quotes_gpc and mysql_escape_string be used together or is this a bad idea?

MarkR

magic_quotes_gpc will cause values to be escaped even when you don't want them to be. As a result, data corruption will occur (mostly backslashes appearing all over the place).

Always have magic_quotes_gpc disabled.

If you MUST insert data into SQL statements directly (i.e. not using a prepared statement), then you should use mysql_real_escape_string (for MySQL, anyway).

Mark