dannypritchett01
New Member
I've seen dozens of PHP snippets that go like this:

[code]
function DB_Quote($string)
{
    if (get_magic_quotes_gpc() == true) {
        $string = stripslashes($string);
    }
    return mysql_real_escape_string($string);
}
[/code]

What happens if I call [code]DB_Quote("the (\\) character is cool");[/code]? (Thanks jspcal!)

Aren't we supposed to strip slashes only when [code]get_magic_quotes_gpc() == true[/code] and the value originated from [code]$_GET[/code], [code]$_POST[/code] or [code]$_COOKIE[/code] superglobals?
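An added example, not part of the original post: it runs the `stripslashes()` step of the function above on a string built in code and on a request-style value, then shows the same undo done once at the input boundary. The `$magicQuotesOn` parameter (standing in for `get_magic_quotes_gpc()`, which always returns false since PHP 5.4 and was removed in PHP 8.0) and the helper names are assumptions, and the `mysql_real_escape_string()` call is left out because it needs a live connection.

```php
<?php
// The unslash step of the post's DB_Quote(), with the magic-quotes state
// passed in as a flag so the script runs on current PHP (assumption).
function db_quote_unslash(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Hypothetical helper: undo magic quotes once, where request data enters the
// application, and only for request arrays ($_GET / $_POST / $_COOKIE).
function undo_magic_quotes(array $input, bool $magicQuotesOn): array
{
    if (!$magicQuotesOn) {
        return $input;
    }
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value)
            ? undo_magic_quotes($value, true)
            : stripslashes($value);
    }
    return $out;
}

// Constructed sample data.
$literal = "the (\\) character is cool";    // built in code, never slashed
$typed   = "O'Reilly \\ path";              // what the user actually entered
$request = ['name' => addslashes($typed)];  // what magic quotes would deliver

// 1. A string that never passed through magic quotes: stripslashes() treats
//    its backslash as an escape character and drops it.
$damaged = db_quote_unslash($literal, true);
echo "application string: ", $damaged, "\n";
echo "backslash lost: ", var_export($damaged !== $literal, true), "\n";

// 2. A slashed request value through the same function: restored correctly.
$restored = db_quote_unslash($request['name'], true);
echo "request value restored: ", var_export($restored === $typed, true), "\n";

// 3. Undo at the boundary instead: request data is restored there, and
//    application strings are never touched by stripslashes() at all.
$clean = undo_magic_quotes($request, true);
echo "boundary value restored: ", var_export($clean['name'] === $typed, true), "\n";
echo "application string intact: ", $literal, "\n";
```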