Posted 08 August 2006 - 03:30 PM
If i use mysql_real_escape_string, i do not need to add slashes and i can also turn off magic_quotes_gpc, is that correct?
And secondly, if i am using mysql_real_escape_string, do i still need to strip slashes after retrieving information from the database?
Posted 08 August 2006 - 03:35 PM
No you dont need to use stripslashes. PHP will remove these automatically, even if you have magic_quotes_gpc disabled.
When using mysql_real_escape_string you need to be connect to MySQL to use it.
Posted 08 August 2006 - 03:45 PM
You say that i do not need to use stripslashes because PHP does that for me. Is that only if i use mysql_real_escape_string? If i were to use addslashes on data to be inserted into a database, i would need to use stripslashes on retrieval?
I already do use mysql_real_escape_string, but im just trying to fully understand the differant ways in which it works.
Posted 08 August 2006 - 03:48 PM
Posted 08 August 2006 - 05:40 PM
With magic_quotes_gpc off, if you do not do anything to a string such as ' and try to enter it into the database you get an error. If you apply mysql_real_escape_string() to it, it enters it into the database, although, interestingly, it does not enter the version with the slashes applied, rather it simply shows ' Unless, of course, phpMyAdmin has stripped the slashes which is a possibility. However, if you echo the string after applying mysql_real_escape_string, it shows up as \'.
And yes, whe you retreive the data, there is no need for stripslashes.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users