Joel Kitching wrote:
soooo... when you pull the data *out* of the database the \ will not exist and you therefore do not need to perform stripslashes().
I tried using addslashes() on the string in the query, and then SELECTing it, and the slashes are included. Does mysql_escape_string() not do this?
No, it'll do the same thing because you're escaping the data twice. If you ever see slashes in the actual data while it's in the database, then you're escaping it twice. You more than likely have magic_quotes_gpc enabled which is escaping the data the first time.
Or, you could have magic_quotes_runtime enabled, which will add the slashes to data coming _from_ the database (but if you had that enabled, you should recognize what's going on as it's not enabled by default).
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
