On 4 Oct 2011, at 20:30, Shawn McKenzie wrote:

> On 10/04/2011 02:23 PM, Jim Giner wrote:
>> I thought I knew how to do this.
>> I have a form that collects some data fields.  My script checks if magic 
>> quotes are off and (since they are) executes "addslashes" on each input 
>> field.  Then I run a query to INSERT these 'slashed' vars into the database. 
>> But when I go to phpadmin on my site the table does not contain any slashes.
>> Where are they going? 
> The slashes escape "data" just to tell the database that those
> characters are data.  The database doesn't insert the slash, that would
> be unwanted.  Not all databases use the slash as an escape character and
> for the ones that do you should use the X_real_escape_string(), like
> mysql_real_escape_string() instead of addslashes()



Stuart Dallas
3ft9 Ltd
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to