afan@xxxxxxxx wrote:
ok. I just made one test and if you can then explain something to me:
I entered in form (textarea)
afan's "crazy" web
and stored in db using mysql-real_escape_string().
in DB, it's stored with slashes:
afan\'s \"crazy\" web
Then I pulled that from DB on three different ways:
$query = mysql_query("select test from dbtest where rec_id = 5");
$result = mysql_fetch_array($query);
echo $result['gen_value']; // gives afan\'s \"crazy\" web
echo stripslashes($result['gen_value']); // gives afan's "crazy" web
echo htmlentities($result['gen_value']); // gives afan\'s \"crazy\" web
if stripslashes() is not correcct to use - what then?!?
You're missing the main issue. You shouldn't have any 'escape' slashes
in your db. I'm betting your php install has magic_quotes* enabled, so
what's happening is this:
User inputs data
magic_quotes escapes that data
*you* escape the data
data is inserted into the db.
Either turn magic_quotes off or stripslashes() *before* you use
mysql_real_escape_string()
You shouldn't have to stripslashes() coming out of the db.
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnichel@xxxxxxxxxxxxxxxxxxxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
