When I was learning Brute Force in DVWA, I read the High Brute Force source. It uses the `stripslashes( $user );` function before using the `mysql_real_escape_string( $user );` function. I know `mysql_real_escape_string()` can escape special characters so that they are safe in an SQL statement. But I don't understand the function `stripslashes()`. Does it also make a safe SQL statement?
`stripslashes()` is useless in any SQL context. The only thing it's good for is undoing the evil effects of magic quotes on servers with broken configurations that you don't have access to change.
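To make the answer concrete, here is an added PHP example (not DVWA's own code) that emulates what the old `magic_quotes_gpc` setting did to request input and then shows what `stripslashes()` and an escaping step each contribute. `addslashes()` stands in for `mysql_real_escape_string()`, which needs a live MySQL connection and no longer exists in PHP 7+; both prefix quotes and backslashes with a backslash, so the double-escaping effect is identical. The input values and the query template are constructed for the illustration.

```php
<?php
// Added example, not from DVWA: what stripslashes() does and does not do.
// Assumes nothing beyond core PHP; addslashes() is used as a stand-in for
// mysql_real_escape_string() because the latter needs a database connection.

function magic_quotes_emulated(string $raw): string {
    // magic_quotes_gpc (removed in PHP 5.4) ran addslashes() over every
    // GET/POST/COOKIE value before the script ever saw it.
    return addslashes($raw);
}

function build_query_without_stripslashes(string $input): string {
    // Escaping input that magic quotes already escaped doubles every
    // backslash: the database ends up searching for a name containing
    // a literal backslash, not the name the user typed.
    return "SELECT * FROM users WHERE user = '" . addslashes($input) . "'";
}

function build_query_with_stripslashes(string $input): string {
    // stripslashes() only peels off the magic-quotes layer so that the
    // escaping step runs exactly once. It adds no protection of its own.
    return "SELECT * FROM users WHERE user = '" . addslashes(stripslashes($input)) . "'";
}

$typed = "O'Brien";                            // constructed sample input
$fromRequest = magic_quotes_emulated($typed);  // what $_GET['username'] held under magic quotes

echo "Raw request value:      $fromRequest\n";
echo "Without stripslashes(): " . build_query_without_stripslashes($fromRequest) . "\n";
echo "With stripslashes():    " . build_query_with_stripslashes($fromRequest) . "\n";

// On a server WITHOUT magic quotes, stripslashes() silently corrupts
// legitimate input: a user who really typed a backslash loses it.
$literalBackslash = "a\\b";                    // constructed: the user typed a\b
echo "stripslashes on unquoted input: " . stripslashes($literalBackslash) . "\n";
```

Run it with `php` on the command line. The second `echo` line shows the doubled backslash that results from escaping twice, the third shows the single, intended escape, and the last shows that `stripslashes()` on input that was never magic-quoted just deletes characters. In other words, the call in the DVWA source exists only to cancel a legacy PHP setting; the escaping (or, in current code, a prepared statement with bound parameters) is what actually keeps the query safe.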