On Wednesday, July 3, 2002, at 09:40  AM, Jean-Christian Imbeault wrote:

> I am trying to make my PHP safe against malicious data user inputs. 
> Reading up on this most people suggest using addslashes(), magic_quotes 
> on and other things like mysql_escape_string();
> But I have been running into the problem that I mess up the user's 
> input because I use more then one of these functions in succession on 
> the data.
> Is there any way to prevent the "re-escaping"/"re-slashing" of data 
> that has already been escaped or slashed?

Turn off magic_quotes and do addslashes() explicitly every time you do a 
database insert.  Then make sure you always stripslash() data returned 
from a database query.

magic_quotes is convenient for newbies, but after a while you'll find it 
only trips you up, as you've discovered.



Erik Price
Web Developer Temp
Media Lab, H.H. Brown

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to