> Jason, can you explain why stripslashes should not be used on data > taken from the db? when you store data in the db i thought it was good > practice to addslashes, when you retrieve from the db, you will need > to use stripslashes to remove the extra \
If I may step in... Assuming a MySQL db, using mysql_escape_string obviates the need for using either stripslashes or addslashes for db inserts and selects. I'm not sure of the underlying mechanism, but if you use mysql_escape_string on a string, the \'s and " ' "s, etc... all get escaped automagically before the insert. If you then take a look at the inserted data using the mysql client, you will see that the full unescaped text has been inserted. So there is no need to use stripslashes when selecting it out. Personally, this is counterintuitive, but that's the way it works. David
