On Tuesday 28 September 2004 02:49, Ed Lazor wrote: > I'm using PHP to retrieve user input and store it in MySQL. PHP's > addslashes function is used on data going into the database
Use the more specific mysql_escape_string() (or friend) instead. > and PHP's > stripslashes function is being used on data coming from the database. You're not supposed to use stripslashes() on data coming from the database -- read up on addslashes() and also search manual for magic quotes. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db ------------------------------------------ /* The best way to hold a man is in your arms -- Murphy's Laws on Sex n18 */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
