Re: basic user/input form questions... more validation!


 



bruce wrote:
> not sure i agree with this one.. if i put "foo \' cat" in a db tbl...
> i expect that i'll get the same out... which is what some of the articles
> i've seen have stated.. are you telling me, and are you sure, that i'd get
> "foo ' cat" out instead!!????
>
> the articles i've seen imply that if you addslashes, you also need to
> stripslashes on the backend...

With all due respect, you are demonstrating a fundamental lack of understanding of the principle of escaping anything...

The point of escaping the quote mark is so that it looks *exactly like a quote mark* to MySQL, rather than like the delimiter for a string value.

MySQL treats the character sequence \' as ' when inside a string value.

When you SELECT the data at the other end, MySQL will not give you the slashes, because the slashes are not stored in the database table.

If you do run stripslashes() on the output, you will lose data in some situations. So don't.

Hope that made sense and helped...
--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
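
The round trip discussed in this message, as an added example that is not part of the original post: it uses PHP's real addslashes() and stripslashes() on constructed inputs, together with a hypothetical helper, mysql_literal_value(), which models how MySQL reads the text between the quotes of a string literal under its default sql_mode (NO_BACKSLASH_ESCAPES off).

```php
<?php
// Added illustration. mysql_literal_value() is a hypothetical helper that
// models how MySQL reads the text between the quotes of a string literal
// (default sql_mode, NO_BACKSLASH_ESCAPES off). It is not a PHP or MySQL API.
function mysql_literal_value(string $literal): string
{
    // Escape sequences that MySQL maps to a specific character.
    $special = ['0' => "\0", 'b' => "\x08", 'n' => "\n",
                'r' => "\r", 't' => "\t", 'Z' => "\x1a"];
    $out = '';
    $len = strlen($literal);
    for ($i = 0; $i < $len; $i++) {
        $c = $literal[$i];
        if ($c !== '\\' || $i + 1 === $len) {
            $out .= $c;                       // ordinary character
            continue;
        }
        $next = $literal[++$i];
        if ($next === '%' || $next === '_') {
            $out .= '\\' . $next;             // \% and \_ keep their backslash
        } else {
            $out .= $special[$next] ?? $next; // \' -> '   \\ -> \
        }
    }
    return $out;
}

// Constructed sample inputs (as PHP sees them after parsing these literals):
//   foo ' cat      foo \' cat      C:\temp\new
$inputs = ["foo ' cat", "foo \\' cat", "C:\\temp\\new"];

foreach ($inputs as $input) {
    $inQuery  = addslashes($input);            // text placed between the quotes in the SQL
    $stored   = mysql_literal_value($inQuery); // what the table holds and SELECT returns
    $stripped = stripslashes($stored);         // the extra step the reply says to skip

    printf("input:          %s\n", $input);
    printf("in the query:   '%s'\n", $inQuery);
    printf("stored/SELECT:  %s (%s)\n", $stored,
           $stored === $input ? 'same as input' : 'DIFFERS');
    printf("stripslashes(): %s (%s)\n\n", $stripped,
           $stripped === $input ? 'unchanged' : 'data lost');
}
```

In every case the value read back already equals the input, and only the inputs that contain a backslash are altered by the final stripslashes() call.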

