Re: RE: escape chars continued

From: "Brock Jimmy D Contr DODHSR5" <Jimmy.Brock@xxxxxxxxxxxx>

> When you want to display this value from the database onto your webpage
> use stripslashes
>
> stripslashes($row['q']); // this will remove the backslash that was
> inserted from addslashes

You don't need to use stripslashes on the data pulled from the database
unless magic_quotes_runtime is on. If "It\'s okay" is inserted into the
database, the backslash is only there to tell the database that a literal
single quote follows and not the end of the string. The data is stored as
"It's okay" in the database. If you ever see "It\'s okay" actually within
your database, then you are running addslashes/escape_string twice!

Also, if you want to display $row['q'] on your web page or within a form
input element's value attribute without creating cross site scripting
vulnerabilities, then run it through htmlentities() first. Use ENT_QUOTES
for the second parameter to encode both double and single quotes; that way, if
you use either in your SQL queries or form elements, you'll be safe, also.

---John Holmes...

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
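As an added example (not from the original thread), the two points above in PHP: the value read back from the database goes through htmlentities() with ENT_QUOTES before landing in a value attribute, and a stored value that still contains a backslash before a quote is a sign the escaping was applied twice. The $row array is a constructed sample, and looksDoubleEscaped() is a hypothetical helper.

```php
<?php
// Added example, not from the thread. $row is a constructed sample of what a
// correctly stored value looks like when read back from the database: the
// backslash added for the SQL literal never reaches the table.
$row = ['q' => "It's okay"];

// ENT_COMPAT leaves single quotes alone, so inside a single-quoted attribute
// the value could end the attribute early. ENT_QUOTES encodes both kinds.
$compat = htmlentities($row['q'], ENT_COMPAT, 'UTF-8'); // It's okay
$safe   = htmlentities($row['q'], ENT_QUOTES, 'UTF-8'); // It&#039;s okay

// Safe in either attribute quoting style.
echo "<input type='text' name='q' value='" . $safe . "'>\n";
echo '<input type="text" name="q" value="' . $safe . '">' . "\n";

// Hypothetical check: a stored value containing \' or \" means
// addslashes/escape_string ran twice, since a single escape is consumed
// by the database when it parses the literal.
function looksDoubleEscaped(string $value): bool
{
    return strpos($value, "\\'") !== false || strpos($value, '\\"') !== false;
}

var_dump(looksDoubleEscaped($row['q']));     // bool(false)
var_dump(looksDoubleEscaped("It\\'s okay")); // bool(true)
```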
