Re: Re: Secure data management

On 4 Oct 2011, at 20:30, Shawn McKenzie wrote:

> On 10/04/2011 02:23 PM, Jim Giner wrote:
>> I thought I knew how to do this.
>> 
>> I have a form that collects some data fields.  My script checks if magic 
>> quotes are off and (since they are) executes "addslashes" on each input 
>> field.  Then I run a query to INSERT these 'slashed' vars into the database. 
>> But when I go to phpadmin on my site the table does not contain any slashes.
>> 
>> Where are they going? 
>> 
>> 
> 
> The slashes escape "data" just to tell the database that those
> characters are data.  The database doesn't insert the slash, that would
> be unwanted.  Not all databases use the slash as an escape character and
> for the ones that do, you should use the X_real_escape_string(), like
> mysql_real_escape_string(), instead of addslashes().

http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
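
The point made in the quoted reply, that escape characters are syntax for the SQL parser rather than stored data and that not every database uses the backslash, shown as an added example (not code from this thread). It assumes PHP with the pdo_sqlite extension; the table, column names and input value are constructed, and SQLite stands in for a database that does not treat the backslash as an escape character.

```php
<?php
// Added example: constructed table and input, in-memory SQLite through PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (how TEXT, name TEXT)');

$name = "O'Reilly"; // constructed form input containing a quote

// 1. addslashes() puts a backslash in front of the quote. SQLite does not
//    treat the backslash as an escape character, so the quote still ends
//    the string literal and the parser rejects the statement.
$slashed = addslashes($name);
try {
    $db->exec("INSERT INTO people VALUES ('slash', '$slashed')");
    echo "addslashes: statement accepted\n";
} catch (PDOException $e) {
    echo "addslashes: statement rejected by the SQL parser\n";
}

// 2. Driver-aware escaping. PDO::quote() uses the escape rule of the
//    connected database (for SQLite, doubling the quote). The escape
//    exists only in the SQL text; the parser consumes it.
$quoted = $db->quote($name);
$db->exec("INSERT INTO people VALUES ('quote', $quoted)");

// 3. Bound parameter. The value is never part of the SQL text, so there
//    is nothing to escape in the first place.
$stmt = $db->prepare('INSERT INTO people VALUES (?, ?)');
$stmt->execute(['bound', $name]);

// Read the rows back and compare each stored value with the original input.
foreach ($db->query('SELECT how, name FROM people') as $row) {
    printf(
        "%-5s stored as %s (%s)\n",
        $row['how'],
        $row['name'],
        $row['name'] === $name ? 'identical to input' : 'differs from input'
    );
}
```

Rows written through the driver's own escaping or through a bound parameter come back byte-for-byte equal to the input, which is why no slashes appear when the table is inspected.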



