Question
Simple Question to understand - Addslashes
Addslashes - it doesn't look like it's typically needed?
I just read this:
Returns a string with backslashes before characters that need to be quoted
in database queries etc. These characters are single quote ('), double quote
("), backslash (\) and NUL (the NULL byte).
An example use of addslashes() is when you're entering data into a database.
For example, to insert the name O'reilly into a database, you will need to
escape it. Most databases do this with a \ which would mean O\'reilly. This
would only be to get the data into the database, the extra \ will not be
inserted. Having the PHP directive magic_quotes_sybase set to on will mean '
is instead escaped with another '.
1. Why would I need to escape the string "O'Reilly"? I don't understand
this statement. I have used quotes in my databases before w/o ever
bothering with addslashes - is that because magic_quotes_gpc was set to on?
Is this a new vs. old thing where you used to need to addslashes, but you
don't any more b/c of magic_quotes?
2. If magic_quotes is turned on (I have verified this) do I need addslashes
at all?
From PHP.net:
The PHP directive magic_quotes_gpc is on by default, and it essentially
runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes()
on strings that have already been escaped with magic_quotes_gpc as you'll
then do double escaping. The function get_magic_quotes_gpc() may come in
handy for checking this.
This came about b/c we're getting slashes everywhere we have text. So, I
guess I either need to remove the addslashes or put in stripslashes before
we pull text. I'm just curious if I actually need to stripslashes or if I
can just remove the addslashes?
Thanks for clarifying,
Jon
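
The double escaping described in the manual text quoted in the post, modelled with plain strings as an added example that is not part of the original post. The helper names are hypothetical, magic_quotes_gpc is simulated with addslashes() as the quoted text describes, and stripslashes() stands in for the database consuming one level of escapes when it parses a quoted literal (an assumption).

```php
<?php
// Added illustration: models the escaping layers with plain strings,
// so it runs without a database and without the magic_quotes_gpc directive.

// Hypothetical helper: what magic_quotes_gpc does to GET/POST/COOKIE data,
// per the manual text quoted in the post.
function simulate_magic_quotes_gpc(string $raw): string
{
    return addslashes($raw);
}

// Hypothetical helper. Assumption: the SQL parser removes exactly one level
// of backslash escapes when it reads a quoted literal.
function value_stored_by_database(string $escapedLiteral): string
{
    return stripslashes($escapedLiteral);
}

$typed = "O'Reilly"; // constructed sample input

// One layer of escaping, applied automatically to the request data.
$fromRequest = simulate_magic_quotes_gpc($typed);

// A second layer, applied by application code that also calls addslashes().
$escapedTwice = addslashes($fromRequest);

$cases = [
    'magic quotes only'           => $fromRequest,
    'magic quotes + addslashes()' => $escapedTwice,
];

foreach ($cases as $label => $literal) {
    $stored = value_stored_by_database($literal);
    printf("%-28s literal: %-12s stored: %s\n", $label, $literal, $stored);
}

// A row written through both layers keeps one stray backslash; a single
// stripslashes() on that stored value recovers what the user typed.
$storedTwice = value_stored_by_database($escapedTwice);
var_dump(stripslashes($storedTwice) === $typed);
```

The second case is the one that leaves a visible backslash in the stored text, which matches the "slashes everywhere" symptom in the post.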