I have an application made in php and my database is mysql. For years the application worked correctly, but a few days ago I updated my version of XAMPP, and it was updated my version of PHP, now I have the 5.4. The problem now is to query database. The application is for a hospital, and, for example, I have many patients with last names containing single quotes. For example: Claudio O'Connor. When I perform an update on this table, with some patient containing double quotes in its name, obviously the application fails. For example:
UPDATE patients SET lastname = 'O'Connor' WHERE idPatient = 92565
I think this problem has to do with the deprecation of the magic quotes. The problem is that the application is immense, and I can not fix this problem by looking at all the queries one by one. Is there any way to fix this problem in general? Thank you very much.
In PHP 5.4, the automatic magic quotes feature was removed from PHP. If you're running a version older than 5.4, you can set magic_quotes_gpc = On
in the php.ini (or by using the following):
ini_set('magic_quotes_gpc', '1');
If you're using 5.4+, you'll need to manually apply mysql_real_escape_string
to all data. Note that for SQL injection prevention, you should not rely on magic quotes and instead use manual code to escape the string.