On 10/04/2011 02:23 PM, Jim Giner wrote: > I thought I knew how to do this. > > I have a form that collects some data fields. My script checks if magic > quotes are off and (since they are) executes "addslashes" on each input > field. Then I run a query to INSERT these 'slashed' vars into the database. > But when I go to phpadmin on my site the table does not contain any slashes. > > Where are they going? > > The slashes escape "data" just to tell the database that those characters are data. The database doesn't insert the slash, that would be unwanted. Not all databases use the slash as an escape character and for the ones that do you should use the X_real_escape_string(), like mysql_real_escape_string() instead of addslashes() -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
