I think always using addslashes is better because you have to write clean cide instead of trusting in a funktion which can be disabled on some servers.
To avoid double-escaping I use this code: function stripslashes_array($array) { reset($array); while(list($key,$val)=each($array)) { if(is_string($val)) $array[$key]=stripslashes($val); elseif(is_array($val)) $array[$key]=stripslashes_array($val); } return $array; } if (get_magic_quotes_gpc()) { if(is_array($_REQUEST)) $_REQUEST=stripslashes_array($_REQUEST); if(is_array($_POST)) $_POST=stripslashes_array($_POST); if(is_array($_GET)) $_GET=stripslashes_array($_GET); if(is_array($_COOKIE)) $_COOKIE=stripslashes_array($_COOKIE); } ------------------------ > If you are doing both addslashes() and have magic_quotes_gpc turned on, > then yes, you are double-escaping things. > From a performance-perspective I doubt you could measure much difference, > but I suppose doing it through magic_quotes_gpc would be faster assuming > you need to escape all your GPC data. If you have a lot of GPC data that > doesn't need to be escaped, then only running addslashes() on the data > that needs it might be more efficient. > -Rasmus --------- Adrian mailto:[EMAIL PROTECTED] www: http://www.planetcoding.net www: http://www.webskyline.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php