cmccully Posted November 27, 2006

Hi, can someone explain the correct use of stripslashes. Why you would need to use it, why there are slashes that need to be removed, etc...

Thanks!
cmccully

The Little Guy Posted November 27, 2006

It is mainly for when using a database to protect from SQL injection. So the user would do an addslashes() function, and when reading from the database he would use stripslashes. Here is an example.

This is in the database:

How\'s the weather?

and when stripslashes is used around that, it will display on the page like this:

How's the weather?

alpine Posted November 27, 2006

From the manual, addslashes():

[quote]
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly. This would only be to get the data into the database, the extra \ will not be inserted.

The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data.
[/quote]

This means that when magic_quotes_gpc is ON you might want to run stripslashes on data that's not going to a database OR if you want to convert the string using htmlspecialchars, htmlentities, mysql_real_escape_string etc. before entering into the database.

A user defined function would be a correct approach in many cases handling values, example:

[code]
<?php
function SafeString($value)
{
    // Undo the automatic addslashes() that magic_quotes_gpc applies to GET/POST/COOKIE data.
    // get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Encode HTML special characters, including both quote styles.
    $value = htmlspecialchars($value, ENT_QUOTES);
    // Backslash-escape the result for use inside a query string.
    return addslashes($value);
}
?>
[/code]

http://no.php.net/manual/en/function.addslashes.php
http://no.php.net/manual/en/function.stripslashes.php

cmccully Posted November 28, 2006

Thanks
cmccully

Destramic Posted December 1, 2006

Using mysql_real_escape_string you wouldn't need to use the function addslashes on the value as well? (So in what instances would you use this addslashes?)

And when mysql_real_escape_string is used to insert data, would you use stripslashes while selecting data from the database?

Thanks
destramic

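An added example, not part of any post in this thread: it runs the two cases the posts above turn on (the manual's "the extra \ will not be inserted" and the question of calling stripslashes when selecting), using bound parameters in place of addslashes()/mysql_real_escape_string(). It assumes PHP 7 or later with the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL, and the `notes` table, the `store()`/`load()` helpers and the sample strings are constructed for the illustration.

```php
<?php
// Added example: SQLite in memory stands in for MySQL (assumes pdo_sqlite is loaded).
// Table name, helper names and sample values are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

function store(PDO $db, string $body): int
{
    // Bound parameter: the value never passes through the SQL parser,
    // so no addslashes() or other escaping call is needed.
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$samples = [
    "How's the weather?",  // a quote that would break a concatenated query
    'C:\\temp\\new',       // legitimate backslashes that must survive storage
];

foreach ($samples as $input) {
    $clean   = load($db, store($db, $input));              // bound only
    $doubled = load($db, store($db, addslashes($input)));  // escaped first, then bound

    printf("input            : %s\n", $input);
    printf("bound, read back : %s (%s)\n", $clean, $clean === $input ? 'unchanged' : 'CHANGED');
    printf("stripslashes()   : %s\n", stripslashes($clean)); // applied to data that was never escaped
    printf("double-escaped   : %s\n", $doubled);             // the backslashes were stored as data
    // Encode for HTML at output time rather than before storage.
    printf("as HTML          : %s\n\n", htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'));
}
```

With a bound parameter the value comes back unchanged, so stripslashes() on read has nothing to remove and instead deletes the legitimate backslashes in the second sample. A backslash only ends up in the table when the value was escaped a second time before storage.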