Ben Edwards wrote:
> OK. This is really confusing me.
>
> I am using the following function to handle this:
>
> function prep( &$text ) {
> echo get_magic_quotes_gpc()." ";
> if (get_magic_quotes_gpc()) {
> echo "mq on for $text";
> return $text;
> } else {
> echo "mq off";
> return addslashes($text);
> }
> }
>
> And it is not doing the assslashes but stuff like \'s is still being
> added. wonce savein a few times I get \\\\\'.
Sounds to me like magic_quotes_gpc is ON
That means EVERY value coming "in" from GET, POST, or COOKIES
automatically has addslashes() called on it.
That presumes that you mostly want to take GET/POST/COOKIE data and shove
it into a database.
For those times when you are *NOT* shoving the data into a database, you
need to use http://php.net/stripslashes to "undo" the magic quotes'
addslashes.
For example, when re-displaying user input on a FORM after an error, or to
confirm their input, you will need to call http://php.net/stripslashes on
EVERY field you send back to the browser.
On the plus side, you do *NOT* need to call http://php.net/addslashes on
EVERY chunk of data you send to the database, because magic_quotes already
did that for you.
That's kinda the whole purpose of magic_quotes: Assume that 99% of what
you do is take data "in" and shove it into your database, so always call
addslashes() on it before you see it, so it's already done "by magic"
Magic Quotes should be called "Auto Addslashes" really.
Does that help explain what's going on?
What you might need, then, is a function to send INPUT data to the browser:
function maybe_stripslashes($input){
if (magic_quotes_gpc()){
$result = stripslashes($input);
}
else{
$result = $input;
}
return $result;
}
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
