--- Alexander Kleshchevnikov <[EMAIL PROTECTED]> wrote: > You should chech for configuration of magic quotes gpc. > Use get_magic_quotes_gpc() function: > > $foo = get_magic_quotes_gpc() ? stripslashes($_POST["foo"]) : > $_POST["foo"]);
I agree. However, stripslashes() doesn't necessarily undo addslashes(). If you want to know why or see more discussion on that, search the PHP internals archive. I think it was within the last 3 months or so that this was discussed. The best option is to turn that stuff off, but if you can't, I bet the fix_magic_quotes() function will be helpful. It can be found here: http://education.nyphp.org/phundamentals/PH_storingretrieving.php That page also describes why it's best to not use magic_quotes. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming December 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
