Hello all,
I need some help getting this understood.
I got magic_quotes_gpc on by default on my host, and i cannot change it from anywhere, the only way i can change it is adding the stripslashes function, but in the same time i also must use mysql_real_escape.
So i came across a problem, i got a form where ppl can uplaod comments, each newline gets transferred to <br>, however the function nl2br fails to transfer anything after i use both functions above.
So i tried a few ways (all fail, need explanation on why and how to solve)
- adding stripslashes and right after that mysql_real_escape
result: backslashes banish but nl2br function fails to add newlines. - using only mysql_real_escape
result: nl2br fails and backslashes are there. - using only stripslashes
result: nl2br success but regular backslashes added by the user are vanished, also as i read guides i see that its not safe not using mysql_real_escape, altho i dont know about the particular case where magic_quotes are on - using neither functions.
result: everything’s get uploaded as expected, but same as 3, not sure about the security when mysql_escape is not used.
Any ideas?
Thanks.