stripslashes function


cmccully

It is mainly for when using a database to protect from SQL injection. So the user would do an addslashes() function, and when reading from the database he would use stripslashes. Here is an example:

This is in the database:
How\'s the weather?

and when stripslashes is used around that, it will display on the page like this:
How's the weather?

From the manual, addslashes():
[quote]

Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly. This would only be to get the data into the database, the extra \ will not be inserted.

The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data.

[/quote]

This means that when magic_quotes_gpc is ON you might want to run stripslashes on data that's not going to a database OR if you want to convert the string using htmlspecialchars, htmlentities, mysql_real_escape_string etc. before entering into the database.

A user defined function would be a correct approach in many cases handling values, example:

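[code]
<?php

// Normalise a request value: undo magic quotes, HTML-encode, then add slashes.
function SafeString($value)
{
  // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first.
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
  {
    $value = stripslashes($value);
  }
  $value = htmlspecialchars($value, ENT_QUOTES);
  return addslashes($value);
}

?>
[/code]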

http://no.php.net/manual/en/function.addslashes.php
http://no.php.net/manual/en/function.stripslashes.php

Using mysql_real_escape_string, you wouldn't need to use the function addslashes on the value as well? (So in what instances would you use this addslashes?)

And when mysql_real_escape_string is used to insert data, would you use stripslashes while selecting data from the database?

Thanks, destramic
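
An added example, not code from any of the posts above: it traces what ends up stored when a value is escaped once versus twice (magic quotes plus manual escaping), and what stripslashes() then does on read. Assumptions: `mysql_literal_value()` and `round_trip()` are hypothetical helpers, the first imitating how MySQL decodes a single-quoted string literal so no server is needed, and addslashes() stands in for the escaping step because mysql_real_escape_string() needs a live connection.

```php
<?php
// Hypothetical helper (simplified): decode a MySQL single-quoted literal body
// the way the server does under the default sql_mode. Doubled quotes ('') and
// the \% and \_ special cases are not handled.
function mysql_literal_value(string $literal): string
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t", 'b' => "\x08", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $n = strlen($literal); $i < $n; $i++) {
        $c = $literal[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $next = $literal[++$i];
            $out .= $map[$next] ?? $next;   // \' becomes ', \\ becomes \
        } elseif ($c === "'") {
            throw new RuntimeException('unescaped quote ends the literal early');
        } else {
            $out .= $c;
        }
    }
    return $out;
}

// Hypothetical helper: follow one value from request to database and back.
function round_trip(string $input, bool $magicQuotes): array
{
    // magic_quotes_gpc (removed in PHP 5.4) ran addslashes() on request data.
    $received = $magicQuotes ? addslashes($input) : $input;
    $escaped  = addslashes($received);          // escaping done for the query
    $stored   = mysql_literal_value($escaped);  // what the column really holds
    return ['stored' => $stored, 'stripped' => stripslashes($stored)];
}

// Constructed sample values: one with a quote, one with real backslashes.
$cases = ["How's the weather?", 'C:\\new\\file.txt'];
foreach ($cases as $input) {
    foreach ([false, true] as $mq) {
        $r = round_trip($input, $mq);
        printf("magic_quotes=%-3s input=%-20s stored=%-22s stripslashes(stored)=%s\n",
            $mq ? 'on' : 'off', $input, $r['stored'], $r['stripped']);
    }
}
```

With a single escaping step the stored value equals the input, so stripslashes() on read is unnecessary and damages values that legitimately contain backslashes. A backslash shows up in the stored data only in the double-escaped case.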
