My friend recomended putting an escape_data function in this...

So here is my register.php, and as you can guess, registered users for my site. My friend suggested I put this little bit of code saying it would take care of any input that was put in and it would take care of any problems with the characters input by the user such as backslashes, etc. Here is this code he said to include.



function escape_data ($data) {
global $dbc //declares by mysql_connect global
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string(trim($data), $dbc);
}






Now he said I would now be able to call escape_data anywhere throughout my website to fun the string through this function. Any input on this technique is greatly appreciated.

Personally I disable the magic quotes and run my code normally through escaping techniques. The only real problem I see with it is that its only really portable for use with a mysql database, though the escaping is common for most databases (except like, access I guess :P). Otherwise, yeah, that will work.

Looks fine except mysql_real_escape_string() requires PHP4.3+.
maybe check if mysql_real_escape_string() exists with function_exists('mysql_real_escape_string')..

I have that check in my database class but not sure if it ever goes on a server with PHP4 < 4.3.. but just to be safe I do include it..