Hi. In an article about SQL Injection by Chris Shiflett he mentions the following in a comment: "The process of escaping should preserve data, so it should never be necessary to reverse it. When I'm auditing an application, things like stripslashes() alert me to design problems."
Now, I'm always using PHP PDO with prepared statements and as such data with quotes gets slashed automatically by PDO when inserted into the database. When I need to pull out the data something might be slashed and I need to use stripslashes() or some str_replace() to make sure that the slashes are removed. So what's the mistake here and what's the correct way to do it? Kind regards Rico -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php