>   Jason, can you explain why stripslashes should not be used on data
> taken from the db? when you store data in the db i thought it was good
> practice to addslashes, when you retrieve from the db, you will need
> to use stripslashes to remove the extra \

If I may step in...

Assuming a MySQL db, using mysql_escape_string obviates the need for using 
either stripslashes or addslashes for db 
inserts and selects. I'm not sure of the underlying mechanism, but if you 
use mysql_escape_string on a string, the  \'s and   " ' "s, etc... all get 
escaped automagically 
before the insert. If you then take a look at the inserted data using the 
mysql client, you will see that the full unescaped text has been inserted. 
So there is no need to use stripslashes when selecting it out. 

Personally, this is counterintuitive, but that's the way it works.


Reply via email to