Jordi Canals wrote:
I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON.
I remember being taught this lesson long ago. :)
You do not need to strip slashes from the data being read from the database. If you find yourself having to do that, then you're escaping the data twice before it's inserted. You more than likely have magic_quotes_gpc enabled which escapes all incoming GET, POST and COOKIE data and then you are running addslashes() yourself.
You should check the magic_quotes setting with get_magic_quotes_gpc() and then determine if you need to use addslashes or mysql_real_escape_string().
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
