Joseph Crawford wrote:
Jason, can you explain why stripslashes should not be used on data
taken from the db? when you store data in the db i thought it was good
practice to addslashes, when you retrieve from the db, you will need
to use stripslashes to remove the extra \

The slashes are added for the database, not to be stored with the data.

for e.g. - to store:  "I've just eaten."

you do: "INSERT INTO status (hunger) values ('I\'ve just eaten.');"

which stores: "I've just eaten."

It's not good practice - it's required (if you're not using a mechanism that already handles this - such as the latest mysqli bind functions) - otherwise the query is invalid.

You may be thinking of running 'htmlentities' when retrieving data - which is necessary in some cases, depending on where you're using it (most notably - in html where you don't want html output).

- Martin Norland, Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to