What are the potential implications of not using mysql_real_escape_string when magic_quotes are enabled?

When magic_quotes are enabled, input data is automatically escaped with backslashes. This can lead to double escaping when using mysql_real_escape_string, resulting in incorrect data being stored in the database or potential security vulnerabilities. To solve this issue, you should check if magic_quotes are enabled and if so, strip the slashes before using mysql_real_escape_string.

if(get_magic_quotes_gpc()) {
    $input = stripslashes($input);
}
$input = mysql_real_escape_string($input);

Keywords

mysql_real_escape_string magic_quotes security vulnerability SQL injection data sanitization

What are the potential implications of not using mysql_real_escape_string when magic_quotes are enabled?

Keywords

Related Questions