On Wednesday, July 3, 2002, at 09:40 AM, Jean-Christian Imbeault wrote:
> I am trying to make my PHP safe against malicious data user inputs.
> Reading up on this most people suggest using addslashes(), magic_quotes
> on and other things like mysql_escape_string();
> But I have been running into the problem that I mess up the user's
> input because I use more then one of these functions in succession on
> the data.
> Is there any way to prevent the "re-escaping"/"re-slashing" of data
> that has already been escaped or slashed?
Turn off magic_quotes and do addslashes() explicitly every time you do a
database insert. Then make sure you always stripslash() data returned
from a database query.
magic_quotes is convenient for newbies, but after a while you'll find it
only trips you up, as you've discovered.
Web Developer Temp
Media Lab, H.H. Brown
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php