On 22 May 2006 17:37, Brad Bonkoski wrote:

> Looks good to me, just make sure you use:
> http://www.php.net/manual/en/function.stripslashes.php
> if you have to dump that information back to the users.
> (you might want to check out: addslashes() to add the slashes before
> your DB insert, just to keep those things under your command)
> -Brad

Aaaarrrggghhh!! NO, NO, NO!!!

If you need to stripslashes() the data coming out of your database, then you haven't put it in right. An addslashes(), or more correctly mysql_real_escape_string() as afan is doing, is simply to make sure that characters which need escaping to get put into the database right are in fact escaped. The escape characters themselves should NOT make it into the database.

> afan@xxxxxxxx wrote:
>
> > Hi to all!
> > After the form is submitted, some fields are filled with single
> > and/or double quote info (like: 1'2"x2'4", or sky's blue, or "cool"
> > stuff). I validate what I got using mysql_real_escape_string() and
> > then store the result in MySQL. And it will be stored
> > as: 1\'2\"x2\'4\", and sky\'s blue, and \"cool\" stuff. Is this
> > the correct way, or will the "correct" way be to convert quotes to HTML
> > entities? If yes, does that mean I have to use htmlentities($Size,
> > ENT_QUOTES)?

What are your magic_quotes_*() settings? It sounds like your data is getting escaped twice.

Cheers!

Mike

---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: m.ford@xxxxxxxxxxxxxx
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211

--
PHP General Mailing List (http://www.php.net/)
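The double escaping discussed in this message, as an added example that is not part of the original thread or any poster's code. It assumes `addslashes()` as a stand-in for both `magic_quotes_gpc` and `mysql_real_escape_string()`, and the helpers `sql_parser_unescape()` and `stored_value()` are hypothetical names used only here.

```php
<?php
// Added illustration, not code from the thread. magic_quotes_gpc and
// mysql_real_escape_string() are gone from current PHP, so addslashes()
// stands in for both (assumption: input holds only quotes and backslashes).

// Hypothetical helper: the one layer of escaping the SQL parser consumes
// when it reads a quoted string literal.
function sql_parser_unescape(string $literal): string
{
    return stripslashes($literal);
}

// Hypothetical helper: what ends up in the column after the application
// escapes $input once and the parser consumes that escaping.
function stored_value(string $input): string
{
    return sql_parser_unescape(addslashes($input));
}

$typed = '1\'2"x2\'4"';   // constructed sample: what the user typed

// magic_quotes_gpc off: one escape added, one consumed, data stored as typed.
$stored_clean = stored_value($typed);

// magic_quotes_gpc on: PHP escaped the request data before the script ran,
// so the script's own escape is a second layer and one layer gets stored.
$from_request  = addslashes($typed);
$stored_double = stored_value($from_request);

// Fix at input: strip the magic-quotes layer once, then escape once for SQL.
$stored_fixed = stored_value(stripslashes($from_request));

// Output side: HTML-encode at render time; the stored value stays raw.
$html = htmlentities($stored_fixed, ENT_QUOTES, 'UTF-8');

printf("typed          : %s\n", $typed);
printf("stored (clean) : %s\n", $stored_clean);
printf("stored (double): %s\n", $stored_double);
printf("stored (fixed) : %s\n", $stored_fixed);
printf("html output    : %s\n", $html);

// The fix is correct only if it restores exactly what the user typed.
if ($stored_fixed !== $typed || $stored_double === $typed) {
    fwrite(STDERR, "unexpected result\n");
    exit(1);
}
```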