On 25/04/07, Richard Lynch <ceo@xxxxxxxxx> wrote:
> On Mon, April 23, 2007 9:48 am, WeberSites LTD wrote:
> > I'm trying to understand from the examples why anyone
> > that has get_magic_quotes_gpc() returning true would
> > need to use stripslashes() and then mysql_real_escape_string().
> >
> > wouldn't that just add slashes to the same places?
>
> If you were 100% sure that everybody on the planet spoke only English,
> and only used the ASCII codeset, sure, it's the same thing...
>
> Oh, wait. Earth has more than one language, doesn't it? :-)
>
> mysql_real_escape_string() takes into account the charset[s] being
> used.
>
> addslashes assumes ASCII charset.
>
> Don't do that.
>
> YOU may not be expecting the Spanish Inquisition, but somebody will be
> trying to send it to you.

Actually, over half the site visitors are _not_ going to be speaking
English. Everything on the site is in UTF-8 as Israelis speak Hebrew,
Arabic, Russian, Romanian, and another small language called English.

Dotan Cohen

http://what-is-what.com/what_is/zero_day_exploit.html
http://dotancohen.com/eng/thunderstang.php
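
The difference discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (not PHP itself) of byte-wise escaping versus charset-aware escaping, and of the stripslashes()-then-escape order the original question asks about. The Python function names mirror the PHP ones but are hypothetical models, the GBK connection charset is an assumption chosen because a 0x5C byte can be the second byte of a GBK character, and the sample text is constructed.

```python
# Added illustration: simplified Python models of the PHP functions, not PHP itself.
TABLE = {"\0": "\\0", "'": "\\'", '"': '\\"', "\\": "\\\\"}

def _escape(text: str) -> str:
    # Put a backslash in front of NUL, quotes and backslash, one character at a time.
    return "".join(TABLE.get(ch, ch) for ch in text)

def _unescape(text: str) -> str:
    # Remove one level of backslash escaping, as the reader of a string literal does.
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            i += 1
            out.append("\0" if text[i] == "0" else text[i])
        else:
            out.append(text[i])  # ordinary character, or a stray trailing backslash
        i += 1
    return "".join(out)

def addslashes(raw: bytes) -> bytes:
    # Byte-wise model (what magic_quotes_gpc applies): latin-1 maps bytes 1:1,
    # so every byte is treated as a character of its own.
    return _escape(raw.decode("latin-1")).encode("latin-1")

def stripslashes(raw: bytes) -> bytes:
    # Exact byte-wise inverse of addslashes().
    return _unescape(raw.decode("latin-1")).encode("latin-1")

def charset_escape(raw: bytes, charset: str) -> bytes:
    # Charset-aware model: decode first, so a 0x5C inside a multibyte
    # character is never mistaken for a backslash.
    return _escape(raw.decode(charset)).encode(charset)

def stored_value(escaped: bytes, charset: str) -> str:
    # What ends up stored once the escaped literal is read in the given charset.
    return _unescape(escaped.decode(charset))

# Constructed sample: one GBK character whose second byte is 0x5C, followed by "'s".
GBK_TEXT = b"\xbf\x5c".decode("gbk") + "'s"

if __name__ == "__main__":
    raw = GBK_TEXT.encode("gbk")
    magic = addslashes(raw)  # what PHP hands the script when magic quotes are on
    print("byte-wise only   :", repr(stored_value(magic, "gbk")))
    print("charset-aware    :", repr(stored_value(charset_escape(raw, "gbk"), "gbk")))
    print("strip then escape:", repr(stored_value(charset_escape(stripslashes(magic), "gbk"), "gbk")))
    print("escape, no strip :", repr(stored_value(charset_escape(addslashes(b"O'Reilly"), "ascii"), "ascii")))
```

In the model, byte-wise escaping alone corrupts the GBK text, the same text in UTF-8 survives it because UTF-8 continuation bytes are never 0x5C or 0x27, and escaping magic-quoted input without stripslashes() first stores a literal backslash.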