>magic_quotes is convenient for newbies, but after a while you'll find it 
>only trips you up, as you've discovered.


In the 5 years I've been doing PHP, magic quotes has never hurt me in the

It's just more convenient than calling addslashses() all over the place.

And do you really nead to call stripslashes() to get the data out?

I mean...

Look the MySQL SQL engine is going to 'parse' your SQL, right?

And that parser is going to 'swallow up' the 'extra' \ characters -- Those
characters exist to 'escape' the things MySQL needs to store.

Now, when MySQL spews that data out again, does it go adding back in escape
characters?!  Surely not...  Maybe if you turn on the sql_magic_quotes
feature, PHP will do it for you, but MySQL doesn't do it, does it?

You *DO* need stripslashes() when you have magic quotes on, and you wish to
display data that has come from the user, as well as insert it to the
database.  (Or if that particular data was never meant to go to the database
in the first place.)

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to