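// Everything in this block runs only when magic quotes is enabled
if (get_magic_quotes_gpc()) {
    foreach ($_POST as $key => $val) {
        // Remove the slashes that magic quotes added
        $_POST[$key] = stripslashes($val);
        // Non-numeric values are escaped and wrapped in single quotes
        if (!is_numeric($val)) {
            $val = "'" . mysql_real_escape_string($val) . "'";
        }
        // Strip HTML tags and store the result back into $_POST
        $_POST[$key] = strip_tags($val);
    }
}
$first = $_POST["firstname"];
$secname = $_POST["secname"];
$addy = $_POST["address"];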
Would the above work? It should perform the action on all incoming 'POST' variables, and store them back into a further variable, rather than code it as a function and call it as I'm building a SQL query... There is more filtering to be done on the 'POST' data.
- Would the outcome of this be protected from SQL injection, and is this the best method of doing what I am doing above?
Appreciate any advice/help 🙂
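
Added example, not part of the original post: the same three fields stored through a PDO prepared statement, so no value is ever quoted or escaped into the SQL text, with HTML escaping left to output time rather than strip_tags() on input. It assumes the pdo_sqlite extension and uses a hypothetical `people` table and constructed input in place of `$_POST`.

```php
<?php
// Constructed sample input standing in for $_POST (all values are made up).
$post = array(
    'firstname' => "x' OR '1'='1",
    'secname'   => "O'Brien",
    'address'   => '<b>12</b> High St',
);

// In-memory SQLite so the example runs offline; "people" is a hypothetical table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (firstname TEXT, secname TEXT, address TEXT)');

// Placeholders keep the SQL text fixed; the values are sent separately as data,
// so there is no per-value quoting and no numeric/non-numeric special case.
$ins = $db->prepare(
    'INSERT INTO people (firstname, secname, address) VALUES (:first, :sec, :addy)'
);
$ins->execute(array(
    ':first' => $post['firstname'],
    ':sec'   => $post['secname'],
    ':addy'  => $post['address'],
));

// A lookup binds its search value the same way. A quote inside the value is
// compared as a literal character and cannot end the SQL string.
$sel = $db->prepare(
    'SELECT firstname, secname, address FROM people WHERE secname = :sec'
);
$sel->execute(array(':sec' => $post['secname']));
$rows = $sel->fetchAll(PDO::FETCH_ASSOC);

// The stored values are the original input, unchanged. Escape for HTML at the
// point of output, which is the context where markup matters.
foreach ($rows as $row) {
    echo htmlspecialchars($row['firstname'], ENT_QUOTES, 'UTF-8'), ' | ',
         htmlspecialchars($row['secname'], ENT_QUOTES, 'UTF-8'), ' | ',
         htmlspecialchars($row['address'], ENT_QUOTES, 'UTF-8'), "\n";
}
```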