Hi, I've read your interesting article: http://www.nyphp.org/phundamentals/5_Storing-Data-Submitted-Form-Displaying-Database
I have a couple of questions about the function fix_magic_quotes: 1) Why do you disable magic_quotes_gpc and magic_quotes_sybase via ini_set? Fixing the content escaped by magic quotes should be enough in my opinion, am I wrong? 2) As far as I know, stripslashes is affected by magic_quotes_sybase, s if magic_quotes_sybase is on, both addslashes and stripslashes work in a sybase-style way. For this reason I don't think you need to use str_replace. And finally a more general question: are you aware of any method for un-escaping content based on db-specific escape function? I mean something kuje stripslashes but specific so: the counterpart of addslashes is stripslashes, is there any counterpart for mysql_escape_string or for the adodb function qstr or the PDO quote function? I know that, in an ideal world, we don't need them but if an application has been build using a "escape everything" approach and you need to work with that, you need to unescape content when you don't use it in a query and stripslashes doesn't work if you switch from addslashes to something like adodb->qstr. Thanks in advance. Cheers, ------------------ Eugenio Tacchini dadabik.org DaDaBIK database front-end _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show-participation
