Hello, I've been using the following function for all the data that is stored in any DB of the CMSs I've created:
```php
<?php
/** Function for escaping and trimming form data before it goes into a MySQL query */
function escape_data($data)
{
    global $dbc; // mysql link resource opened elsewhere (mysql_connect)

    // magic_quotes_gpc adds backslashes to $_GET/$_POST/$_COOKIE on arrival;
    // undo that once so the value is not escaped twice below.
    // magic_quotes_runtime only affects data read from files/DB results, not form
    // input, so it is not checked here.
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }

    // Escape for use inside a quoted SQL string literal on connection $dbc
    return mysql_real_escape_string(trim($data), $dbc);
}
```
Unfortunately, on the server I host my sites they have magic_quotes_gpc on.
It's not easy to get the desired output when pulling off the data from the db, though.
Lately I've read some articles about security, XSS, SQL injection and other things.
Some say that you should use stripslashes just before printing the data; some recommend using htmlentities or strip_tags.
Can you give me your opinion on this?
What about my function?
When should I use what function for better and more secure results?
Any help will be appreciated!
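An added example, not code from the original post, showing the separation the question is circling around: undo magic_quotes_gpc once on request data, hand values to MySQL through a mysqli prepared statement instead of escaping them into a string, and HTML-escape only at the moment of output. It assumes a mysqli connection `$dbc` (the post's `$dbc` is a mysql_* link) and a table `posts(id INT, body TEXT)`; both are assumptions made for this illustration.

```php
<?php
/**
 * Added example (not from the original post): one function per trust boundary
 * instead of a single escape_data() used for everything.
 * Assumptions: $dbc is a mysqli connection and a table `posts`(`id` INT, `body` TEXT)
 * exists. Neither is from the original post.
 */

// 1. Input boundary: reverse magic_quotes_gpc exactly once, on request data only.
//    It never applies to rows read back from the database, so this function is
//    only ever called on $_GET/$_POST/$_COOKIE values.
function normalize_input($value)
{
    if (is_array($value)) {
        return array_map('normalize_input', $value);
    }
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value);
}

// 2. Storage boundary: a prepared statement keeps data and SQL separate.
//    The value is stored exactly as received; no slashes, no entities.
function save_post(mysqli $dbc, $body)
{
    $stmt = $dbc->prepare('INSERT INTO posts (body) VALUES (?)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $dbc->error);
    }
    $stmt->bind_param('s', $body); // 's' = string parameter, quoted by the driver
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

function load_post(mysqli $dbc, $id)
{
    $stmt = $dbc->prepare('SELECT body FROM posts WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $dbc->error);
    }
    $stmt->bind_param('i', $id); // 'i' = integer parameter
    $stmt->execute();
    $stmt->bind_result($body);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $body : null;
}

// 3. Output boundary: escape for the context you emit into, when you emit.
//    For HTML text and attribute values that is htmlspecialchars with ENT_QUOTES;
//    the stored data is left untouched so it can also be sent to JSON, mail, etc.
function render_html($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Usage with a constructed input, as it would arrive in $_POST['body'].
$raw  = "O'Reilly <script>alert(1)</script>";
$body = normalize_input($raw);
save_post($dbc, $body);
echo '<p>' . render_html(load_post($dbc, 1)) . '</p>';
```

With this split, stripslashes is never needed at print time because nothing was slash-escaped on the way in, and strip_tags is unnecessary because the angle brackets and quotes are converted to entities by render_html() rather than removed. mysql_real_escape_string only ever belongs immediately before a value is spliced into a query string; once you use bound parameters it has no place at all.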