Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Registered User
    Join Date
    Jun 2002
    Location
    Arizona
    Posts
    175
    Thanks
    0
    Thanked 0 Times in 0 Posts

    addslashes() adding to many slashes ?

    how come when i do this:

    $text = "(SELECT * FROM EMP WHERE EMPNAME = 'SMITH')"

    <?php
    if($do == "1")
    {
    echo addslashes($text);
    }
    ?>

    i get this:

    (SELECT * FROM EMP WHERE EMPNAME = \\\'SMITH\\\')

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,040
    Thanks
    10
    Thanked 92 Times in 90 Posts
    well you dont ... i.e.

    PHP Code:
    <?
    $text 
    "(SELECT * FROM EMP WHERE EMPNAME = 'SMITH')" ;
    $do=1;
    if(
    $do == "1"

    echo 
    addslashes($text); 

    ?>
    returns

    (SELECT * FROM EMP WHERE EMPNAME = \\'SMITH\\')


    however if you are sending $text via POST or GET vars then PHP will automagically addslashes for you (which you are then escaping again) , so if thats the case just don't addslashes!
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Registered User
    Join Date
    Jun 2002
    Location
    Arizona
    Posts
    175
    Thanks
    0
    Thanked 0 Times in 0 Posts
    oh.........duh........ thanks


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •