PDA

View Full Version : addslashes() adding to many slashes ?



Phip
07-02-2002, 09:18 AM
how come when i do this:

$text = "(SELECT * FROM EMP WHERE EMPNAME = 'SMITH')"

<?php
if($do == "1")
{
echo addslashes($text);
}
?>

i get this:

(SELECT * FROM EMP WHERE EMPNAME = \\\'SMITH\\\')

firepages
07-02-2002, 03:01 PM
well you dont ... i.e.



<?
$text = "(SELECT * FROM EMP WHERE EMPNAME = 'SMITH')" ;
$do=1;
if($do == "1")
{
echo addslashes($text);
}
?>


returns

(SELECT * FROM EMP WHERE EMPNAME = \\'SMITH\\')


however if you are sending $text via POST or GET vars then PHP will automagically addslashes for you (which you are then escaping again) , so if thats the case just don't addslashes!

Phip
07-02-2002, 07:53 PM
oh.........duh........ thanks :thumbsup: