Joseph Crawford wrote:
Jason, can you explain why stripslashes should not be used on data taken from the db? When you store data in the db I thought it was good practice to addslashes; when you retrieve from the db, you will need to use stripslashes to remove the extra \
The slashes are added for the database, not to be stored with the data.
for e.g. - to store: "I've just eaten."
you do: "INSERT INTO status (hunger) values ('I\'ve just eaten.');"
I was always under the impression that single quotes (assuming you are delineating your args with single quotes) should (officially) be escaped with another single quote - although backslash also works:
"INSERT INTO status (hunger) values ('I''ve just eaten.');"
...a lot of really old code of mine is full of stuff like:
$var = str_replace("'","''",$var);
but maybe that's just MTAM(tm) working for me - (that's a reference to a bit of humour from another thread btw - MTAM is not a technology :-)
which stores: "I've just eaten."
It's not good practice - it's required (if you're not using a mechanism that already handles this - such as the latest mysqli bind functions) - otherwise the query is invalid.
nice to learn that mysqli is getting it 'right' :-) [makes mental note to look into it!]
You may be thinking of running 'htmlentities' when retrieving data - which is necessary in some cases, depending on where you're using it (most notably - in html where you don't want html output).
Cheers,
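To make the point about where the escaping lives concrete, here is an added example (not code from the thread or from Jason) that round-trips the thread's "I've just eaten." through the quoted `status`/`hunger` table using Python's sqlite3 module. SQLite stands in for MySQL only so the script runs stand-alone; the PHP/mysqli bind functions mentioned above do the same job as the `?` placeholder here.

```python
"""Added example: escaping belongs to the query text, not to the stored
data. SQLite is a stand-in for MySQL so this runs without a server."""
import html
import sqlite3

ORIGINAL = "I've just eaten."   # sample value from the thread


def fresh_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE status (hunger TEXT)")
    return con


def store_with_doubled_quote(con, value):
    # SQL-standard escaping from the thread: ' becomes '' inside the
    # literal. Only the query carries the doubled quote; the row does not.
    escaped = value.replace("'", "''")
    con.execute(f"INSERT INTO status (hunger) VALUES ('{escaped}')")
    return con.execute("SELECT hunger FROM status").fetchone()[0]


def store_with_bind(con, value):
    # Parameter binding: the driver keeps data and SQL apart, so the
    # application escapes nothing and nothing extra lands in the table.
    con.execute("INSERT INTO status (hunger) VALUES (?)", (value,))
    return con.execute("SELECT hunger FROM status").fetchone()[0]


def store_escaped_then_bound(con, value):
    # The mistake behind the "stripslashes on read" habit: escaping a
    # value that is then bound stores the escape characters themselves.
    doubled = value.replace("'", "''")
    con.execute("INSERT INTO status (hunger) VALUES (?)", (doubled,))
    return con.execute("SELECT hunger FROM status").fetchone()[0]


def backslash_escape_is_portable(con):
    # "backslash also works" is MySQL behaviour; SQLite rejects it, so
    # code that relies on \' breaks when the database engine changes.
    try:
        con.execute(r"INSERT INTO status (hunger) VALUES ('I\'ve just eaten.')")
        return True
    except sqlite3.OperationalError:
        return False


def render_html(stored):
    # Output escaping (the htmlentities point) is a separate step done
    # where the value is displayed, not when it is read from the table.
    return html.escape(stored, quote=True)
```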
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php