So sprach Noah Spitzer-Williams am Mon, Apr 16, 2001 at 12:45:43PM -0400:
> would there be any problems caused if i used the stripslashes() function on
> all posted variables from a form to eliminate sql query errors?
Uhm, why stripslashes() the values? Wouldn't it be better to addslashes()
the value, and then when retrieving the values from the database to
stripslashes() the value?
With addslashes(), you'd be sure that everything is properly escaped.
BTW: Where's the difference between addslashes() and the undocumented
function mysql_escape_string()? ( see http://php.net/ChangeLog-4.php#4.0.3 )
Alexander Skwar
--
How to quote: http://learn.to/quote (german) http://quote.6x.to (english)
Homepage: http://www.digitalprojects.com | http://www.iso-top.de
iso-top.de - Die günstige Art an Linux Distributionen zu kommen
Uptime: 2 hours 13 minutes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
