stripslashes() with address book

Thomas -Balu- Walter list+roundcube-dev at b-a-l-u.de
Tue Jan 3 16:29:55 CET 2006


On Tue, Jan 03, 2006 at 11:50:24AM -0300, Lic. Martin Marques wrote:
> This is plain stupid. The problem could be in the DB insertion, as you 
> have to escape the '. But ibn a select that backslash shouldn't be there:

I think you got me wrong - my snippet was not meant to correct the
problem, but was a personal rant about the magic_quotes problem and a
solution I'm using.

Of course I'm adding a slash when querying the database (addslashes()
or better mysql_real_escape_string()), but with the  snippet you can be
sure that the submitted data does not have any automagically added
slashes in there you don't need. Then you just have to remember to
always add the slashes when querying, not to remove them (if it's
enabled) when printing or whatever.

     Balu




More information about the Dev mailing list