Greaser9780 Posted February 15, 2007 Share Posted February 15, 2007 Should you add slashes to a variable everytime you are going to place it in a db? Quote Link to comment https://forums.phpfreaks.com/topic/38582-should-you-add-slashes-to-a-variable-everytime-you-are-going-to-place-it-in-a-db/ Share on other sites More sharing options...
Jessica Posted February 15, 2007 Share Posted February 15, 2007 Yes. Use the php function for the database, not addslashes(). If you're using mysql, use mysql_real_escape_string(). If you have magic_quotes_gpc on, you should first stripslashes as it adds its own. Quote Link to comment https://forums.phpfreaks.com/topic/38582-should-you-add-slashes-to-a-variable-everytime-you-are-going-to-place-it-in-a-db/#findComment-185171 Share on other sites More sharing options...
Greaser9780 Posted February 15, 2007 Author Share Posted February 15, 2007 Like this: array_pop($_POST); if ( get_magic_quotes_gpc() ) { $_POST= array_map('stripslashes', $_POST); } $clan_name = mysql_real_escape_string(trim($_POST['clan_name'])); Quote Link to comment https://forums.phpfreaks.com/topic/38582-should-you-add-slashes-to-a-variable-everytime-you-are-going-to-place-it-in-a-db/#findComment-185176 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.