I think always using addslashes is better because you have to write
clean cide instead of trusting in a funktion which can be disabled on
some servers.
To avoid double-escaping I use this code:
function stripslashes_array($array) {
reset($array);
while(list($key,$val)=each($array)) {
if(is_string($val)) $array[$key]=stripslashes($val);
elseif(is_array($val)) $array[$key]=stripslashes_array($val);
}
return $array;
}
if (get_magic_quotes_gpc()) {
if(is_array($_REQUEST)) $_REQUEST=stripslashes_array($_REQUEST);
if(is_array($_POST)) $_POST=stripslashes_array($_POST);
if(is_array($_GET)) $_GET=stripslashes_array($_GET);
if(is_array($_COOKIE)) $_COOKIE=stripslashes_array($_COOKIE);
}
------------------------
> If you are doing both addslashes() and have magic_quotes_gpc turned on,
> then yes, you are double-escaping things.
> From a performance-perspective I doubt you could measure much difference,
> but I suppose doing it through magic_quotes_gpc would be faster assuming
> you need to escape all your GPC data. If you have a lot of GPC data that
> doesn't need to be escaped, then only running addslashes() on the data
> that needs it might be more efficient.
> -Rasmus
---------
Adrian
mailto:[EMAIL PROTECTED]
www: http://www.planetcoding.net
www: http://www.webskyline.de
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
