On Tue, Nov 16, 2010 at 10:10 PM, Gary <gpaul@xxxxxxxxxxxxxxxx> wrote: > I was doing a test of stripslashes on a $_POST, when I recieved the email, > all of the slashes were still in the data posted. > > I used : > > $fname = stripslashes($_POST['fname']); > > I input G\\a//r\y\\, and was expecting, according to the manuel G\a//r*y\, > but got the original spelling. > In this case, you should get the original, if I'm understanding correctly. Think of it like a basic math problem: Step 1: Happens automatically when you submit the form and PHP receives the form variables input + slashes = slashed_input Step 2: This happens when you call stripslashes. slashed_input - slashes = input The goal of stripslashes is that it will undo what happened automatically using magic_quotes_gpc (which essentially calls addslashes on the GPC vars behind the scenes) so you'll end up with the original input. So, working through your example: 1. You inputted into a form G\\a//r\y\\ and submitted the form. 2. PHP received G\\a//r\y\\ and added slashes (G\\\\a//r\\y\\\\). 3. You called stripslashes (G\\a//r\y\\). > > I added: > > echo stripslashes($fname); and did get the expected result on the page, but > not in the email from the $_POST. > Here, you called stripslashes on something already stripped once, so you now have a new value (G\a//ry\). > > I also tried > > $fname = (stripslashes($_POST['fname'])); > This would be no different than your attempt without enclosing parentheses. Now, let me just say that I detest magic_quotes, and it's best to run with them disabled so you don't even have to worry about this kind of issue (they've been deprecated.) But, perhaps you were just trying to learn about some piece of legacy code. Hope the explanation helps, Gary. Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com