Reply to Re: stripslashes

Your name:

Reply:


Posted by Good Man on 06/18/05 21:38

J. W. Doe <nomail@nomail.com> wrote in
news:2005061809381216807%nomail@nomailcom:


> The form works great, except that slashes for escaping single and
> double quotes are not being stripped out . I did some Googling and
> found that the "stripslashes" function needs to be used, but when I
> check the script, it looks like it's already using stripslashes. At
> this point I'm stumped. I'd love it if someone could take a look at
> the script and let me know why slashes aren't being stripped out.

Why do you want them stripped out exactly? Why are they even there originally?

The idea behind addslashes() and stripslashes() is to make sure database storage
and function calling work correctly when you have values/arguments with single
quotes. For example, when INSERTing, you want to ADD slashes to single-quotes to
ensure that the database does not think the query ends when it comes across the
single quote.

So, values in a query that says "INSERT INTO Books (Title,Price) VALUES ('I Haven
\'t Got a Clue','19.99')" get stored normally in the database as "I Haven't Got a
Clue" and "19.99". If your query just said "... VALUES ('I Haven't Got a
Clue','19.99)" you can see how the single quote in the word "Haven't" turns the
query into a syntax error.

In the example you've posted, I can't figure out the purpose behind stripping
slashes from a POSTED form??? As I mentioned above, if anything, you'd be ADDING
slashes to a posted form to ensure that apostrophes don't mess up any queries or
functions in your script.

I rarely come across a need to use stripslashes(). I'm only using it when a)
coming across a database that has used addslashes() incorrectly so that values in
the database actually have slashes!! ("Haven\'t" is actually in the database)

and

b) after inserting the value into the database, I might stripslashes() from the
value for further use of the variable as the script continues (ie: sending an email
after putting a name in a database, so that Mr O'Callaghan doesn't get addressed as
Mr O\'Callaghan)

Again, I'm stumped as to why you want to strip slashes from a posted form.

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация