When magic_quotes_gpc = off, what is the difference between
addslashes($var) and mysql_real_escape_string($var)?
I use a function from the PHP manual like this:
function quote_smart($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not integer
    if (!is_numeric($value)) {
        $value = " ' " . mysql_real_escape_string($value) . " ' ";
    }
    return $value;
}
I use it with a select query like this: "select * from table where id
= ".quote_smart($_GET["id"]) and it doesn't work (no result returned).
But when I replace the quote_smart function with the normal addslashes
function, it works. (my default magic_quotes_gpc = off)