How can I replace the deprecated set_magic_quotes_runtime in PHP?
The set_magic_quotes_runtime function has been deprecated since PHP 5.3 and removed in PHP 7.0. If you are using this function in your code, you should consider replacing it with an alternative method of escaping and quoting user input.
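One way to escape user input is to use the mysql_real_escape_string function or the PDO::quote method, depending on which database extension you are using. Note that mysql_real_escape_string belongs to the old mysql extension, which was itself removed in PHP 7.0; with mysqli the equivalent is mysqli_real_escape_string. For example: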
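<?php
// $user and $pass hold the database credentials and must be defined beforehand.
$conn = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
$input = "O'Reilly";
// quote() escapes the value and wraps it in quotes, ready to be placed in an SQL string.
$safe_input = $conn->quote($input);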
Alternatively, you can use prepared statements with placeholders, which handle escaping and quoting automatically. For example:
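<?php
// $user and $pass hold the database credentials and must be defined beforehand.
$conn = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
// "table" and "column" are placeholders for your own table and column names.
$stmt = $conn->prepare("SELECT * FROM table WHERE column = :value");
// bindParam() binds the variable by reference, so its value is read when execute() runs.
$stmt->bindParam(':value', $input);
$input = "O'Reilly";
$stmt->execute();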
Finally, you can use the htmlspecialchars function to escape user input that is going to be displayed as HTML. This is important to prevent cross-site scripting (XSS) attacks.
<?php
// Define a string containing HTML and JavaScript code.
$input = "<script>alert('Hello')</script>";
// Use the htmlspecialchars function to convert special characters in the input string to their corresponding HTML entities.
// This is done to prevent the code from being executed as JavaScript code in the browser.
$safe_input = htmlspecialchars($input);
// Echo the resulting string to the browser.
// The special characters have been converted to their HTML entity equivalents, which means that the browser will display the string as text rather than executing it as code.
echo $safe_input; // This will output &lt;script&gt;alert('Hello')&lt;/script&gt; (on PHP 8.1 and later the single quotes are also encoded, as &#039;)
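The techniques above combined into one flow, as an added example that is not part of the original page: values are stored unmodified through placeholders and escaped only at the point of HTML output. It assumes an in-memory SQLite database (pdo_sqlite extension) so it runs offline; the authors table and the findAuthor() and h() helpers are hypothetical names.

```php
<?php
// Added example. Assumption: sqlite::memory: stands in for the MySQL DSN so the
// script runs offline; the authors table and its rows are constructed.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input: a quote that breaks naive SQL, and the markup
// string from the htmlspecialchars example above.
$inputs = ["O'Reilly", "<script>alert('Hello')</script>"];

// 1. Store: placeholders carry the values, so nothing is quoted by hand and
//    the stored text is exactly what was submitted (no added slashes).
$insert = $conn->prepare('INSERT INTO authors (name) VALUES (:name)');
foreach ($inputs as $name) {
    $insert->execute([':name' => $name]);
}

// 2. Contrast: the same lookup built by concatenation fails on the quote.
try {
    $conn->query("SELECT id FROM authors WHERE name = '" . $inputs[0] . "'");
    $concatResult = 'ran';
} catch (PDOException $e) {
    $concatResult = 'failed: ' . $e->getMessage();
}

// 3. Look up with a placeholder (hypothetical helper).
function findAuthor(PDO $conn, string $name): ?string
{
    $stmt = $conn->prepare('SELECT name FROM authors WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

// 4. Escape for HTML only at output time (hypothetical helper).
function h(string $text): string
{
    // Explicit flags and charset so the result is the same on every PHP version.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo "Concatenated query: $concatResult\n";
foreach ($inputs as $name) {
    $stored = findAuthor($conn, $name);
    echo 'Stored raw:   ', $stored, "\n";
    echo 'HTML-escaped: ', h($stored ?? ''), "\n";
}
```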