On Wednesday 19 January 2005 01:51, [EMAIL PROTECTED] wrote:
> >   Jason, can you explain why stripslashes should not be used on data
> > taken from the db? when you store data in the db i thought it was good
> > practice to addslashes, when you retrieve from the db, you will need
> > to use stripslashes to remove the extra \
> If I may step in...
> Assuming a MySQL db, using mysql_escape_string obviates the need for using
> either stripslashes or addslashes for db inserts and selects. I'm not sure
> of the underlying mechanism, but if you use mysql_escape_string on a
> string, the  \'s and   " ' "s, etc... all get escaped automagically before
> the insert. If you then take a look at the inserted data using the mysql
> client, you will see that the full unescaped text has been inserted. So
> there is no need to use stripslashes when selecting it out.

Additionally, it should be noted that whether you need to use stripslashes() 
on data retrieved from the database depends on the setting of 
magic_quotes_runtime. The recommended setting is to have it disabled which 
means you do not need stripslashes().

Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
Search the list archives before you post
New Year Resolution: Ignore top posted posts

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to