On Mon, 12 Jul 2004 20:45:12 +0200, Jordi Canals <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I usually stripslashes() when I read the info from the database (MySQL),
> because the information was inserted after adding slashes, or the
> system has magic_quotes_gpc set to ON.
> 
> I'd like to know if I can do stripslashes() directly, as it is supposed
> that all data was inserted into the DB after slashing the vars. I mean,
> should I check beforehand whether magic_quotes_gpc is on or not?
> 
> As far as I know, magic_quotes_gpc has nothing to do with info read from the
> DB, as it only affects Get/Post/Cookie values.
> 
> I think to make a check like this:
> 
> $result = mysql_query("SELECT ....");
> $row = mysql_fetch_assoc($result);
> 
> foreach ($row as $key => $value) {
>      $row[$key] = stripslashes($value);
> }
> 
> But I'm not sure if it's really necessary, as I'm getting some confusing results.
> 

What you *should* be doing is check for magic quotes when inserting into the DB.

if(!get_magic_quotes_gpc()) {
  $value = mysql_real_escape_string($value);
}

$query = 'INSERT INTO table (field) VALUES ("'.$value.'")';
mysql_query($query);


-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
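
Added example, not part of the original thread: why calling stripslashes() on rows read back from the database gives confusing results, and what happens when already-slashed input is stored as-is. It assumes a PHP build with pdo_sqlite; in-memory SQLite stands in for MySQL, addslashes() stands in for magic_quotes_gpc (which current PHP no longer has), and the `notes` table and sample value are constructed for illustration.

```php
<?php
// Added example with constructed data; not code from the thread.

// Store a value through a bound parameter and read it back unchanged.
function store_and_read(PDO $db, string $value): string
{
    $insert = $db->prepare('INSERT INTO notes (body) VALUES (?)');
    $insert->execute([$value]);   // the driver handles quoting; no manual slashes
    $id = (int) $db->lastInsertId();

    $select = $db->prepare('SELECT body FROM notes WHERE id = ?');
    $select->execute([$id]);
    return (string) $select->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

$typed      = "O'Reilly saved it to C:\\temp";  // what the user typed
$asReceived = addslashes($typed);               // what magic_quotes_gpc = On delivered

// Case 1: remove the automatic slashes once, at input, then bind the value.
$clean = store_and_read($db, stripslashes($asReceived));

// Case 2: stripslashes() applied to a clean row on read. The database already
// holds the original text, so this strips the real backslash in the path.
$strippedOnRead = stripslashes($clean);

// Case 3: the slashed input is stored as-is. The extra backslashes end up in
// the row, and only then does stripslashes() on read appear to "fix" the data.
$doubled = store_and_read($db, $asReceived);

$report = [
    'typed by user'                => $typed,
    'case 1: stored, read back'    => $clean,
    'case 2: stripslashes on read' => $strippedOnRead,
    'case 3: slashed input stored' => $doubled,
    'case 3 after stripslashes'    => stripslashes($doubled),
];
foreach ($report as $label => $value) {
    printf("%-30s %s\n", $label . ':', $value);
}
```

Normalising the input once and binding it as a parameter keeps the stored value identical to what was typed, so nothing needs to be undone when reading.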
