On 10/04/2011 02:23 PM, Jim Giner wrote:
> I thought I knew how to do this.
> I have a form that collects some data fields.  My script checks if magic 
> quotes are off and (since they are) executes "addslashes" on each input 
> field.  Then I run a query to INSERT these 'slashed' vars into the database. 
> But when I go to phpadmin on my site the table does not contain any slashes.
> Where are they going? 

The slashes escape "data" just to tell the database that those
characters are data.  The database doesn't insert the slash, that would
be unwanted.  Not all databases use the slash as an escape character and
for the ones that do you should use the X_real_escape_string(), like
mysql_real_escape_string() instead of addslashes()


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to