>magic_quotes is convenient for newbies, but after a while you'll find it >only trips you up, as you've discovered.
Odd. In the 5 years I've been doing PHP, magic quotes has never hurt me in the least. It's just more convenient than calling addslashses() all over the place. And do you really nead to call stripslashes() to get the data out? I mean... Look the MySQL SQL engine is going to 'parse' your SQL, right? And that parser is going to 'swallow up' the 'extra' \ characters -- Those characters exist to 'escape' the things MySQL needs to store. Now, when MySQL spews that data out again, does it go adding back in escape characters?! Surely not... Maybe if you turn on the sql_magic_quotes feature, PHP will do it for you, but MySQL doesn't do it, does it? You *DO* need stripslashes() when you have magic quotes on, and you wish to display data that has come from the user, as well as insert it to the database. (Or if that particular data was never meant to go to the database in the first place.) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
