It's recommended that developers do their own string escaping, as if magic quotes were off, and use the code below to strip the additional slashes added by a PHP installation where magic quotes is on.
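//----------------------------------------------------
// Strip slashes recursively, so array inputs (e.g. name[]=...) are handled too
function stripslashes_deep($value) {
    return is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
}
// Is magic quotes on? (get_magic_quotes_gpc() no longer exists in PHP 8)
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // Yes? Strip the added slashes
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_POST = array_map('stripslashes_deep', $_POST);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
//----------------------------------------------------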
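MySQL blob data
In PHP, you can read an uploaded file for insertion into the database like so:
// Read the uploaded file in a binary-safe way and escape it
$data = addslashes(file_get_contents($_FILES['doc']['tmp_name']));
Then insert the $data element into the blob field.
Note that addslashes() is not aware of the connection character set, so binding the bytes as a parameter of a prepared statement (or using the database driver's own escaping function) is the safer way to get them into the query.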
This is useful if the documents need to be kept secure, for example if each user should be able to access one file but not another. It beats trying to work out multiple htaccess-protected directories, where the links can otherwise be passed around.
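The per-user blob storage described above, as an added example that is not part of the original notes: the file is bound as a prepared-statement parameter instead of being escaped with addslashes(), and the owner check is part of the SELECT. The documents table, its columns and both function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table, column and function names are hypothetical.
function store_document(PDO $db, int $ownerId, string $name, string $tmpPath): int
{
    // In a request handler, confirm is_uploaded_file($tmpPath) before reading.
    $bytes = file_get_contents($tmpPath);
    if ($bytes === false) {
        throw new RuntimeException('cannot read upload');
    }
    $stmt = $db->prepare(
        'INSERT INTO documents (owner_id, name, body) VALUES (:owner, :name, :body)'
    );
    $stmt->bindValue(':owner', $ownerId, PDO::PARAM_INT);
    $stmt->bindValue(':name', basename($name));        // drop any client-supplied path
    $stmt->bindValue(':body', $bytes, PDO::PARAM_LOB); // sent as data, no addslashes()
    $stmt->execute();
    return (int) $db->lastInsertId();
}

function fetch_document(PDO $db, int $docId, int $userId): ?string
{
    // Ownership is part of the WHERE clause, so a guessed or shared id
    // returns nothing for any user other than the owner.
    $stmt = $db->prepare(
        'SELECT body FROM documents WHERE id = :id AND owner_id = :owner'
    );
    $stmt->bindValue(':id', $docId, PDO::PARAM_INT);
    $stmt->bindValue(':owner', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Demo with constructed data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE documents (
    id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, name TEXT, body BLOB)');

$sample = "quote ' backslash \\ NUL \0 end";           // bytes that addslashes() would alter
$tmp = tempnam(sys_get_temp_dir(), 'doc');             // stands in for $_FILES['doc']['tmp_name']
file_put_contents($tmp, $sample);
$id = store_document($db, 1, 'report.pdf', $tmp);
unlink($tmp);

var_dump(fetch_document($db, $id, 1) === $sample);     // request by the owner (user 1)
var_dump(fetch_document($db, $id, 2));                 // request by another user (user 2)
```

A download script built this way sends the bytes only after the session's user id has matched owner_id, so a copied link is useless to anyone else.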
//------------------
string htmlentities(string string);
and
string htmlspecialchars(string string);
will convert special characters ("&'<>..") to HTML entities, such as "...
?>
<tr><td>
Last Name:
</td>
<td><input name="rlname" value="" type="text" maxlength=20 size="20"> </td>
</tr>