What I am saying is that you have to store the slashes in your database. If you did not have the slashes then your database insert would be screwed up.
For example this would work fine if the variable $fullname was "Michael Dell" but it would not work if you had "Michael O'Dell". Why not? Look what happens to the sql statement if you don't escape the ' or " with a slash: INSERT INTO maztov (fullname, email, address) VALUES ('$fullname', '$email', '$address') INSERT INTO maztov (fullname, email, address) VALUES ('Michael O'Dell', '[EMAIL PROTECTED]', '123 Street') You see the extra ' in the sql statement? So let magic quotes insert the slashes when inputing text but when you want to display it again then you have to stripslashes. -----Original Message----- From: Lisi [mailto:[EMAIL PROTECTED]] Sent: May 20, 2002 5:47 AM To: SP; [EMAIL PROTECTED] Subject: RE: [PHP-DB] stripSlashes function The slashes are being added by the MagicQuotes feature in PHP (I think) when the form is submitted, and the slashes are being put into the database but I don't want them there. When I echo the query it does have the slashes, and when I echo it after applying stripslashes they are gone, but then my query is not being executed. At 04:33 AM 5/20/02 -0400, SP wrote: >You need to add slashes when putting data into >your database. When you want to display the data >from your database, that's when you strip the >slashes. > > > >-----Original Message----- >From: Lisi [mailto:[EMAIL PROTECTED]] >Sent: May 20, 2002 5:33 AM >To: [EMAIL PROTECTED] >Subject: [PHP-DB] stripSlashes function > > >I have a form that allows a person to enter an >announcement into a database >using a form. The form and the query work fine. > >$query = "INSERT INTO maztov (fullname1, >fullname2, city1, city2, email1, >email2, post_fullname, mazal_text, post_city, >post_email, other_emails, >entered) VALUES >('$fullname1','$fullname2','$city1','$city2','$em a >il1','$email2','$post_fullname','$mazal_text','$p o >st_city','$post_email','$other_emails', >NOW())"; > >$result = mysql_query($query); > >Then I realized MagicQuotes was adding slashes to >my query, so I added this >line: > >$query = stripSlashes($query); > >before I executed the result. Now the result is no >longer executing, i.e. >the entry is not being added into the database. > >When I echo the query before and after >stripslashes has been applied, it is >echoing exactly what I think it should. When I >comment out the line with >stripslashes, it works again but with adding >quotes. > >What am I doing wrong? > >Thanks, > >-Lisi > > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: >http://www.php.net/unsub.php > > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system >(http://www.grisoft.com). >Version: 6.0.361 / Virus Database: 199 - Release >Date: 07/05/02 > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system >(http://www.grisoft.com). >Version: 6.0.361 / Virus Database: 199 - Release >Date: 07/05/02 > > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.361 / Virus Database: 199 - Release Date: 07/05/02 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.361 / Virus Database: 199 - Release Date: 07/05/02 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php