stripslashes() with address book

Lic. Martin Marques martin at bugs.unl.edu.ar
Tue Jan 3 17:25:33 CET 2006


On Tue, 3 Jan 2006, Thomas -Balu- Walter wrote:

> On Tue, Jan 03, 2006 at 11:50:24AM -0300, Lic. Martin Marques wrote:
>> This is plain stupid. The problem could be in the DB insertion, as you
>> have to escape the '. But in a select that backslash shouldn't be there:
>
> I think you got me wrong - my snippet was not meant to correct the
> problem, but was a personal rant about the magic_quotes problem and a
> solution I'm using.

Reading my post again, I see it's a bit aggressive. What I wanted to say is
that, as you said yourself, magic_quotes are not a good thing to use. They
are disabled by default in php.ini.

> Of course I'm adding a slash when querying the database (addslashes()
> or better mysql_real_escape_string()), but with the snippet you can be
> sure that the submitted data does not have any automagically added
> slashes in there you don't need. Then you just have to remember to
> always add the slashes when querying, not to remove them (if it's
> enabled) when printing or whatever.

As RC uses PEAR::DB all that has to be done is:

$query = $db->escapeSimple($query);

and PEAR::DB will use the database-specific function depending on which
DB server you are using. Very nice. :-)

--
  13:20:01 up 42 min,  1 user,  load average: 0.03, 0.04, 0.08
---------------------------------------------------------
Lic. Martín Marqués         |   SELECT 'mmarques' || 
Centro de Telemática        |       '@' || 'unl.edu.ar';
Universidad Nacional        |   DBA, Programador,
     del Litoral             |   Administrador
---------------------------------------------------------
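
The pattern discussed in this thread (strip automatically added slashes once at the input boundary, escape only when building the query), as an added example that is not code from either poster or from the project. It assumes PDO with an in-memory SQLite database as a stand-in for PEAR::DB so it runs offline; the function names, table and sample contact are constructed, and because current PHP no longer has magic_quotes_gpc the slashed input is simulated with addslashes(). It prints the stored name once with the stray backslash and once without.

```php
<?php
// Added example; not Roundcube or PEAR::DB code. PDO + in-memory SQLite stand
// in for the real database layer (assumption) so the script runs offline.

// Undo magic_quotes_gpc-style slashes once, recursively, at the input boundary.
function undo_magic_quotes($value) {
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// Escape at the query boundary only, using the driver's own quoting function
// (PDO::quote here plays the role of PEAR::DB's escapeSimple).
function save_contact(PDO $db, array $contact) {
    $db->exec(sprintf(
        'INSERT INTO contacts (name, email) VALUES (%s, %s)',
        $db->quote($contact['name']),
        $db->quote($contact['email'])
    ));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT, email TEXT)');

// Constructed sample input, slashed the way magic_quotes_gpc would deliver it.
$submitted = array_map('addslashes', [
    'name'  => "Patrick O'Brien",
    'email' => 'pat@example.org',
]);

// magic_quotes_gpc was removed in PHP 5.4, so the switch is simulated here.
$magic_quotes_on = true;

// Path 1: slashed input goes straight to the query layer and is escaped again.
save_contact($db, $submitted);

// Path 2: automatic slashes are removed first, then escaped exactly once.
$clean = $magic_quotes_on ? undo_magic_quotes($submitted) : $submitted;
save_contact($db, $clean);

foreach ($db->query('SELECT name FROM contacts ORDER BY rowid') as $row) {
    echo $row['name'], "\n";
}
```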

