GingerRobot Posted August 8, 2006 Share Posted August 8, 2006 Just a couple questions on which i want to check the answer.If i use mysql_real_escape_string, i do not need to add slashes and i can also turn off magic_quotes_gpc, is that correct?And secondly, if i am using mysql_real_escape_string, do i still need to strip slashes after retrieving information from the database? Thanks, Ben Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 8, 2006 Share Posted August 8, 2006 Myql_real_escaspe_string does the same as using addslashes, htmlspecialchars, htmlentities (with ENT_QUOTES)No you dont need to use stripslashes. PHP will remove these automatically, even if you have magic_quotes_gpc disabled.When using mysql_real_escape_string you need to be connect to MySQL to use it. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted August 8, 2006 Author Share Posted August 8, 2006 Ok, thanks for the help but one further questionYou say that i do not need to use stripslashes because PHP does that for me. Is that only if i use mysql_real_escape_string? If i were to use addslashes on data to be inserted into a database, i would need to use stripslashes on retrieval? I already do use mysql_real_escape_string, but im just trying to fully understand the differant ways in which it works. Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 8, 2006 Share Posted August 8, 2006 Yeah when the data is called out of the database PHP/MySQL get rid of the slashes, at least it does it with me. PHP has magic_quotes_gpc disabled. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted August 8, 2006 Author Share Posted August 8, 2006 I did a bit of testing and incase anyone is interested...With magic_quotes_gpc off, if you do not do anything to a string such as ' and try to enter it into the database you get an error. If you apply mysql_real_escape_string() to it, it enters it into the database, although, interestingly, it does not enter the version with the slashes applied, rather it simply shows ' Unless, of course, phpMyAdmin has stripped the slashes which is a possibility. However, if you echo the string after applying mysql_real_escape_string, it shows up as \'.And yes, whe you retreive the data, there is no need for stripslashes. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.