...
PDA

stripslashes / addslahes

tomyknoker
09-05-2007, 02:57 AM
I have a form which users fill out, and it get's emailed to me... If they say write 'James O'Reilly' it was coming to me as 'James O'/Reilly' so I added the following and it worked...

$name = stripslashes($_POST['name']);

Now I am wanting to insert the data into my database so underneath all my email etc I change that line to this...

$name = addslahes($_POST['name']);

Because it wasn't inserting into the databse unless it had slashes, but then in my database it insert's it as 'James O'/Reilly', do I just have to live with that?
kbluhm
09-05-2007, 03:24 AM
Don't insert with addslashes(), insert using mysql_real_escape_string()... assuming you're using MySQL.
<?php

// grab... only stripslashes if they're added
$name = get_magic_quotes_gpc() ? stripslashes( $_POST['name'] ) : $_POST['name'];

// display
echo $name;

// insert
$insert = sprintf
(
'INSERT INTO table ( name ) VALUES ( \'%s\' )',
mysql_real_escape_string( $name )
);
mysql_query( $insert );

?>

Magic Quotes is obviously on and is addslashes()'ing your _POST data, then you were re-addslashes()'ing it before insert, hence the back-slashes before the single-quotes (not forward-slashes after the single-quotes as you have typed).

Here's a great resource for beginner programmers:
http://www.php.net

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum