I have a deprecation error occuring on PHP 7.4.3

Question

I am a beginner in php. I am running the final chapter project named Robin's Nest from the book "Learning PHP, MySQL and JavaScript with jQuery".

In the file function.php, the function sanitizeString raises the following deprecation error:

Deprecated: Function get_magic_quotes_gpc() is deprecated in C:\xampp2\htdocs\MyProjects\robinsnest\functions.php on line 42.

My version of php is 7.4.3 and I use Xampp on Windows 10 operating system. I checked the PHP manual for the function and saw that the function has been deprecated as of PHP 7.4.0.

How can I modify this function so that it doesn't use the deprecated function get_magic_quotes_gpc() and still get equivalent functionality as there seem to be no replacement function?

 function sanitizeString($var)
  {
    global $connection;
    $var = strip_tags($var);
    $var = htmlentities($var);
    if (get_magic_quotes_gpc())
      $var = stripslashes($var);
    return $connection->real_escape_string($var);
  }

Does this answer your question? [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Progman, Apr 04 '20 at 07:30
Use prepared statements instead of string escaping - the latter misses some cases and can cause security vulnerabilities. — halfer, Jun 06 '20 at 21:38
@halfer, when you run the Robin's Nest thing in localhost? Is it very slow? — limestreetlab, Dec 07 '20 at 06:59
@deanstreet: I think you intended your query for the author of this question, Rilwan Smith (my account is attached to the question because I edited it). — halfer, Dec 07 '20 at 10:35
@Rilwan Smith When you run the Robin's Nest thing, do you find it very slow? — limestreetlab, Dec 07 '20 at 11:28
This question is not a duplicate, however the other question is a duplicate of this question.This post was asked on April 3 2020 whereas the other post was asked on April 6 2020. — Rilwan Smith, Aug 18 '21 at 00:58

score 3 · Answer 1 · answered Apr 03 '20 at 23:29

Just get rid of the code that uses the function. It hasn't been relevant for many versions.

 function sanitizeString($var)
  {
    global $connection;
    $var = strip_tags($var);
    $var = htmlentities($var);
    return $connection->real_escape_string($var);
  }

Note that this sanitization is not appropriate to begin with. htmlentities() should only be used when you're displaying data on a web page, not when you're processing input. And $connection->real_escape_string() should only be used when substituting variables into a SQL string, but it's better to use prepared statements for this.

I have a deprecation error occuring on PHP 7.4.3

1 Answers1