PHP 5 magic quotes turned off? Feb24 '06

Feedback

# (1 of 2): Catzwolf » code-plus.org

10 months after the fact. (Sat 23 Dec 2006, 9:07 AM CST)

By using addslashes and stripslashes:

Addslashes on form values before saving and then stripslashes before you output to browser.

Visit the php.net site for more details. http://uk2.php.net/addslashes

# (2 of 2): Daveb

2 years, 4 months after the fact. (Wed 02 Jul 2008, 10:05 AM CST)

You should never, ever need to use stripslashes. Make sure you have used addslashes or mysqlrealescape_string before you try to insert text into the database. And that's all you need to do to prevent SQL injection. When the text comes out of the database, there aren't any extra slashes to strip out!

Previous comment Return to entry

RSS feed for comments on this post

Leave feedback

Feedback

Input format: The editor controls below will assist with Markdown syntax.

Status

Sub-status

Your info Name: Email (will not show on page):

Follow new comments via email? (You can turn this off any time)

Do you want your comments emailed to yourself?

Home Page (optional):

Return to entry.

PHP 5 doesn’t have Magic Quotes turned on automatically, it seems.

You are at the feedback permalink page for: PHP 5 magic quotes turned off?