Hi,
I've got a "contact us" form on my website and naturally I'm trying to guard against SQL injection/hacking.
The body of the text gets run through the function below; however, this means I end up with:
How's it going = How\'s it going
Can someone tell me which part of the function causes this, and a workaround?
Thank you
function check_input($value)
{
    if (get_magic_quotes_gpc())
    {
        $value = trim(stripslashes($value));
    }
    if (!is_numeric($value))
    {
        $value = trim(stripslashes($value));
        $value = mysql_real_escape_string($value);
    }
    return $value;
}
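
Added example, not part of the original post: the backslash is put there by the SQL escaping step (`mysql_real_escape_string()`), and it becomes visible whenever the escaped string is used anywhere other than inside a SQL string literal. The sketch keeps the raw text, binds it through a PDO prepared statement, and escapes only at the point of output; `addslashes()` stands in for the removed `mysql_real_escape_string()`, and the in-memory SQLite database, the `messages` table and the two helper functions are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample input, as it would arrive from the contact form.
$body = "How's it going";

// What check_input() effectively does to a non-numeric string. addslashes()
// stands in for mysql_real_escape_string(), which was removed in PHP 7 and
// needs a live connection; both put a backslash in front of the quote.
$escaped = addslashes(trim($body));
echo "escaped for a SQL literal: $escaped\n";

// The escaped form is only meaningful inside a SQL string literal. Reusing
// it in an e-mail or on a page is what exposes the stray backslash.

// Alternative: keep the raw value and let a prepared statement carry it.
// Database, table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

function save_message(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO messages (body) VALUES (:body)');
    $stmt->execute([':body' => trim($body)]); // bound as data, never spliced into SQL
    return (int) $pdo->lastInsertId();
}

function load_message(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$id = save_message($pdo, $body);
// Constructed input full of SQL metacharacters; it is stored verbatim.
$odd = save_message($pdo, "O'Brien said \"hi\"; -- end");

echo "stored:  " . load_message($pdo, $id) . "\n";
echo "stored:  " . load_message($pdo, $odd) . "\n";

// Escape for the output context only when the value is written out,
// here for an HTML page.
echo "as HTML: " . htmlspecialchars(load_message($pdo, $id), ENT_QUOTES, 'UTF-8') . "\n";
```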