bruce <mailto:bedouglas@xxxxxxxxxxxxx> on Thursday, September 22, 2005 4:19 PM said: > the articles i've seen imply that if you addslashes, you also need to > stripslashes on the backend... That's probably because gpc_magic_quotes (I think that's what it's called) is turned on and doing addslashes will "double" escape everything leaving you with a \ in the db. No escaping: Hello, I'm... Result after db insertion: Error, cannot insert gpc_magic_quotes: Hello, I\'m... Result after db insertion: Hello, I'm... gpc_magic_quotes + addslahes: Hello, I\\\'m... Result after db insertion: Hello, I\'m... So when you retrieve the data you would indeed have to do stripslashes() because escapging is being done wrong. With distributed apps it's a good practice to determine whether or not gpc_magic_quotes is turned on and then act accordingly. I don't know if mysql_real_escape_string() is subject to over escaping or not. You'd have to test it. Hth, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
