RE: Re: ' (Single Quotes) in user inputs


 



Also, you probably want to do a string replace of some kind and make the
single quote a double single-quote   ' to ''   

I don't know if that's how MySQL does it, but that's how SQL Server
escapes single quotes and I believe other DBs do as well.

Just something to look into because I think the \' might not work on DBs
that use ''.

-TG

> -----Original Message-----
> From: John Holmes [mailto:holmes072000@xxxxxxxxxxx] 
> Sent: Monday, October 18, 2004 8:59 PM
> To: Jerry Swanson
> Cc: Christian Jul Jensen; php-general@xxxxxxxxxxxxx
> Subject: Re:  Re: ' (Single Quotes) in user inputs
> 
> 
> Jerry Swanson wrote:
> > I'm not sure that stripslashes() are used for input. 
> 
> If you want to redisplay the input, then it would be used.
> 
> > addslashes() - to insert data into database
> > stripslashes() - to get data from database and print it.
> 
> You don't need stripslashes when pulling data unless you have 
> magic_quotes_runtime enabled. If you find that you need to call 
> stripslashes on your data, then you're escaping it twice before you 
> insert it.
> 
> -- 
> 
> ---John Holmes...
> 
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
> 
> php|architect: The Magazine for PHP Professionals - www.phparch.com
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
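
The escaping behaviours discussed in this thread, as an added example that is not part of the original messages. It assumes PHP's PDO with an in-memory SQLite database, chosen because SQLite escapes a quote as '' and does not treat a backslash as an escape character; the table name, column name and sample input are constructed.

```php
<?php
// Added example: table, column and input values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (name TEXT)');

$input = "O'Reilly";   // constructed user input containing a single quote

// 1. Backslash escaping (addslashes) on a database that expects ''.
//    The backslash is an ordinary character here, so the quote after it
//    still ends the string and the statement is malformed.
try {
    $pdo->exec("INSERT INTO people (name) VALUES ('" . addslashes($input) . "')");
    echo "addslashes: inserted\n";
} catch (PDOException $e) {
    echo "addslashes: rejected by the database\n";
}

// 2. Doubling the quote (' to '') stores the value intact on this database.
$doubled = str_replace("'", "''", $input);
$pdo->exec("INSERT INTO people (name) VALUES ('" . $doubled . "')");

// 3. A bound parameter needs no manual escaping and does not depend on
//    which escape convention the database uses.
$stmt = $pdo->prepare('INSERT INTO people (name) VALUES (?)');
$stmt->execute([$input]);

// 4. Escaping a value that is then escaped or bound again: the extra
//    backslash is stored as data. This is the double-escaping case in
//    which stripslashes() appears to be needed when reading data back.
$stmt->execute([addslashes($input)]);

// Print what was actually stored for cases 2, 3 and 4.
foreach ($pdo->query('SELECT name FROM people') as $row) {
    echo $row['name'], "\n";
}
```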
