On Wednesday, July 3, 2002, at 09:40 AM, Jean-Christian Imbeault wrote:
> I am trying to make my PHP safe against malicious data user inputs.
> Reading up on this most people suggest using addslashes(), magic_quotes
> on and other things like mysql_escape_string();
>
> But I have been running into the problem that I mess up the user's
> input because I use more than one of these functions in succession on
> the data.
>
> Is there any way to prevent the "re-escaping"/"re-slashing" of data
> that has already been escaped or slashed?

Turn off magic_quotes and do addslashes() explicitly every time you do a database insert. Then make sure you always stripslash() data returned from a database query.

magic_quotes is convenient for newbies, but after a while you'll find it only trips you up, as you've discovered.

Erik

----

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
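
The re-slashing problem from the question and the escape-once rule from the reply, as an added example that is not part of the original thread. The helper names and the `$magicQuotesOn` flag are hypothetical; the flag stands in for the magic_quotes setting, and the input string is constructed.

```php
<?php
// Constructed sample input; not taken from the original thread.
$raw = "O'Reilly \"Bob\"";

// The problem from the question: escaping data that is already escaped.
$once  = addslashes($raw);   // one layer of backslashes
$twice = addslashes($once);  // the backslashes themselves get escaped again

// A single stripslashes() removes only one layer, so the value stays mangled.
echo "double-escaped survives one strip: ";
var_dump(stripslashes($twice) !== $raw);

/**
 * Hypothetical helper: return the request value as the user typed it.
 * $magicQuotesOn stands in for the magic_quotes setting (assumption: the
 * caller knows whether the runtime already added slashes to the input).
 */
function raw_input_value(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

/** Hypothetical helper: escape exactly once, only when building the insert. */
function escape_for_insert(string $value): string
{
    return addslashes($value);
}

// The same user input arriving under both settings (second one pre-slashed).
$cases = [
    [$raw, false],
    [addslashes($raw), true],
];

foreach ($cases as [$value, $magicQuotesOn]) {
    $clean   = raw_input_value($value, $magicQuotesOn);
    $escaped = escape_for_insert($clean);

    // Both settings now yield the same singly escaped string.
    echo "escaped exactly once: ";
    var_dump($escaped === $once);

    // One stripslashes() gives back exactly what the user typed.
    echo "round-trips to original: ";
    var_dump(stripslashes($escaped) === $raw);
}
```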