>> The thing that always kills me is when programmers call stripslashes on
>> data that comes *OUT* of MySQL.  No, no, no, no.  Whatever it is you did,
>> or think you are doing, or think you are fixing, that's WRONG.
>>
>> Maybe you called addslashes twice, once with Magic Quotes, and once "by
>> hand" and that's how the data in the database got screwed up.
>>
>> Or maybe you just don't understand WHY addslashes does what it does.
>>
>> But calling stripslashes on data coming OUT of MySQL is WRONG.
>
> Umm... I hate to disagree with you, but this depends entirely on your
> server settings. It is only wrong if you have magic_quotes_runtime set
> to off. If magic_quotes_runtime is ON, then, as the manual says, "most
> functions that return data from any sort of external source including
> databases and text files will have quotes escaped with a backslash."
>
> In other words, if magic_quotes_runtime is ON, you *will* need to run
> stripslashes on data returned from your database if you don't want
> quotes escaped with a backslash.

You're right, of course.

I should have explicitly stated that this only applied to the zillions who
have Magic Quotes on, call addslashes before putting data into the
database, then have extra slashes in the database, then call stripslashes
when they get data out of the database.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
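
The sequence described in the reply above, as an added PHP example that is not part of the original thread. It assumes Magic Quotes can be simulated with addslashes (the feature was removed in PHP 5.4) and that MySQL's reading of a quoted string literal can be approximated by stripping one escape layer; the helper names are hypothetical.

```php
<?php
// Added illustration. Helper names are hypothetical, not from the thread.

// Stand-in for magic_quotes_gpc: request input arrives already escaped once.
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

// Stand-in for MySQL parsing a quoted string literal: exactly one escape
// layer is consumed before the value is written to the row (simplified).
function mysql_store_literal(string $escaped): string
{
    return stripslashes($escaped);
}

// Insert path of the "zillions": Magic Quotes on, plus addslashes by hand.
function store_double_escaped(string $typed): string
{
    return mysql_store_literal(addslashes(simulate_magic_quotes($typed)));
}

// Insert path with a single escape layer: the row holds what was typed.
function store_single_escaped(string $typed): string
{
    return mysql_store_literal(simulate_magic_quotes($typed));
}

$name = "O'Reilly";   // constructed sample input
$path = 'C:\temp';    // constructed sample input with a legitimate backslash

// Double escaping leaves a literal backslash in the stored row, so the row
// no longer matches the input; stripslashes on output only hides that.
$dirty = store_double_escaped($name);
var_dump($dirty === $name);
var_dump(stripslashes($dirty) === $name);

// With one escape layer the row is already correct, and a stripslashes call
// on the way out removes the backslash that belongs to the data.
$clean = store_single_escaped($path);
var_dump($clean === $path);
var_dump(stripslashes($clean) === $path);
```

The first pair of comparisons shows why the output-side stripslashes appears to work, and the second pair shows what it does to a row that was stored correctly.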
