On Tuesday 28 September 2004 02:49, Ed Lazor wrote:
I'm using PHP to retrieve user input and store it in MySQL. PHP's
addslashes function is used on data going into the database
Use the more specific mysql_escape_string() (or friend) instead.
and PHP's
stripslashes function is being used on data coming from the database.
You're not supposed to use stripslashes() on data coming from the database --
read up on addslashes() and also search manual for magic quotes.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
The best way to hold a man is in your arms
-- Murphy's Laws on Sex n18
*/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
