How can you prevent SQL injections? I've heard the best way is not to use variables in SQL queries but isn't this really hard to achieve when making a complex script?
What does OOP have to do with escaping characters in HTTP strings? :s
Code:
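<?php
// If magic quotes are enabled, strip slashes from all user data
function stripslashes_recursive($var) {
    // Walk nested arrays (e.g. name[] form fields) and unescape each string value
    return (is_array($var) ? array_map('stripslashes_recursive', $var) : stripslashes($var));
}

// get_magic_quotes_gpc() was removed in PHP 8, so check that it exists before calling it
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET    = stripslashes_recursive($_GET);
    $_POST   = stripslashes_recursive($_POST);
    $_COOKIE = stripslashes_recursive($_COOKIE);
}
?>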
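
Added example, not part of the original posts: once the snippet above has removed magic-quote slashes, the request arrays hold raw values, so they should reach the database as bound parameters rather than as part of the SQL text. This sketch assumes PDO with an in-memory SQLite database; the `users` table, its rows and the `find_users` helper are constructed for illustration, and it shows a query with optional filters built without placing any user value in the SQL string.

```php
<?php
// Constructed schema and sample rows, held in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('o''brien', 'user')");

// Hypothetical helper: builds a search from optional filters.
// User values only ever travel in $params, never in the SQL string.
function find_users(PDO $pdo, array $filters, $orderBy = 'id') {
    $where  = array();
    $params = array();

    // Column names come from this fixed list, not from the request.
    foreach (array('name', 'role') as $col) {
        if (isset($filters[$col]) && $filters[$col] !== '') {
            $where[] = "$col = :$col";
            $params[":$col"] = $filters[$col];
        }
    }

    // Identifiers cannot be bound, so the sort column is checked against an allow-list.
    if (!in_array($orderBy, array('id', 'name', 'role'), true)) {
        $orderBy = 'id';
    }

    $sql = 'SELECT id, name, role FROM users';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $sql .= ' ORDER BY ' . $orderBy;

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A quote inside the value is bound as data, not parsed as SQL.
print_r(find_users($pdo, array('name' => "o'brien")));
// A value shaped like SQL is compared literally against the name column.
print_r(find_users($pdo, array('name' => "x' OR '1'='1")));
// A sort column outside the allow-list falls back to id.
print_r(find_users($pdo, array('role' => 'user'), 'name; DROP TABLE users'));
```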