On Mon, 12 Jul 2004 20:45:12 +0200, Jordi Canals <[EMAIL PROTECTED]> wrote: > Hi, > > I usually stripslashes() when I read the info from the database (MySQL). > Because the information was inserted after adding slashes, or the > system has magic_quotes_gpc set to ON. > > I'd like to know, if I can do stripslashes() directly, as it is suposed > that all data was inserted into DB after slashing the vars. I mean, > should I check or not before if magic_quotes_gpc are on ? > > As I know, magic_quotes_gpc has nothing to do with info readed from the > DB, as it only affects Get/Post/Cookie values. > > I think to make a check like this: > > $result = mysql_query("SELECT ...."); > $row = mysql_fetch_assoc($result); > > foreach ($row as $key => $value) { > $row[$key] = stripslashes($value); > } > > But not sure if it really necessary, as i'm getting some confusing results. >
What you *should* be doing is check for magic quotes when inserting into the DB. if(!get_magic_quotes_gpc()) { $value = mysql_real_escape_string($value); } $query = 'INSERT INTO table (field) VALUES ("'.$value.'")'; mysql_query($query); -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php