cmccully Posted November 27, 2006

Hi, can someone explain the correct use of stripslashes? Why you would need to use it, why there are slashes that need to be removed, etc...

Thanks!
cmccully
The Little Guy Posted November 27, 2006

It is mainly for when using a database to protect from SQL injection. So the user would do an addslashes() function, and when reading from the database he would use stripslashes. Here is an example.

This is in the database:
How\'s the weather?

and when stripslashes is used around that, it will display on the page like this:
How's the weather?
alpine Posted November 27, 2006

From the manual, addslashes():

[quote]
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly. This would only be to get the data into the database, the extra \ will not be inserted.

The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data.
[/quote]

This means that when magic_quotes_gpc is ON you might want to run stripslashes on data that's not going to a database OR if you want to convert the string using htmlspecialchars, htmlentities, mysql_real_escape_string etc. before entering into the database.

A user defined function would be a correct approach in many cases handling values, example:

[code]
<?php
// Normalise a request value: undo magic_quotes_gpc slashing, HTML-encode, then re-escape.
function SafeString($value)
{
    // When magic_quotes_gpc is on, GET/POST/COOKIE data has already been through addslashes().
    // get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Encode HTML special characters, including single and double quotes.
    $value = htmlspecialchars($value, ENT_QUOTES);
    // Backslash-escape quotes, backslashes and NUL bytes.
    return addslashes($value);
}
?>
[/code]

http://no.php.net/manual/en/function.addslashes.php
http://no.php.net/manual/en/function.stripslashes.php
cmccully Posted November 28, 2006

Thanks
cmccully
Destramic Posted December 1, 2006

Using mysql_real_escape_string, you wouldn't need to use the function addslashes on the value as well? (So in what instances would you use addslashes?)

And when mysql_real_escape_string is used to insert data, would you use stripslashes while selecting data from the database?

Thanks
destramic
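
An added example, not part of any post in this thread: it stores values through PDO bound parameters in an in-memory SQLite database (an assumption; the posts above use the mysql_* functions) and prints what the database actually holds, what happens when the value was already slashed once, and what stripslashes() on read does to it. The table name, the `roundTrip` helper and the sample strings are constructed for illustration.

```php
<?php
// Added example with constructed inputs; assumes the pdo_sqlite extension is loaded.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (body TEXT NOT NULL)');

/** Hypothetical helper: store $body via a bound parameter, return what the database holds. */
function roundTrip(PDO $pdo, string $body): string
{
    $pdo->exec('DELETE FROM notes');
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]); // the value travels separately from the SQL text
    return $pdo->query('SELECT body FROM notes')->fetchColumn();
}

// Constructed samples: one with an apostrophe, one with literal backslashes.
$inputs = ["How's the weather?", 'C:\\temp\\new'];

foreach ($inputs as $raw) {
    // 1. Raw value, bound parameter: stored unchanged, so there is nothing to strip on read.
    $stored = roundTrip($pdo, $raw);

    // 2. Value slashed once before storage (what magic_quotes_gpc did to GET/POST/COOKIE
    //    data): the backslashes are now part of the stored data.
    $doubled = roundTrip($pdo, addslashes($raw));

    // 3. stripslashes() on a clean stored value removes backslashes that belong to it.
    $stripped = stripslashes($stored);

    printf("input:            %s\n", $raw);
    printf("stored (bound):   %s  [%s]\n", $stored, $stored === $raw ? 'intact' : 'changed');
    printf("stored (slashed): %s\n", $doubled);
    printf("stripped on read: %s  [%s]\n\n", $stripped, $stripped === $raw ? 'intact' : 'changed');
}
```

Run it from the command line with `php`; the "stored (slashed)" line shows how a value such as How\'s the weather? ends up in a table, and the "stripped on read" line shows which inputs stripslashes() alters.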