PDA

View Full Version : addslashes() adding to many slashes ?



Phip
Jul 2nd, 2002, 08:18 AM
how come when i do this:

$text = "(SELECT * FROM EMP WHERE EMPNAME = 'SMITH')"

<?php
if($do == "1")
{
echo addslashes($text);
}
?>

i get this:

(SELECT * FROM EMP WHERE EMPNAME = \\\'SMITH\\\')

firepages
Jul 2nd, 2002, 02:01 PM
well you dont ... i.e.



<?
$text = "(SELECT * FROM EMP WHERE EMPNAME = 'SMITH')" ;
$do=1;
if($do == "1")
{
echo addslashes($text);
}
?>


returns

(SELECT * FROM EMP WHERE EMPNAME = \\'SMITH\\')


however if you are sending $text via POST or GET vars then PHP will automagically addslashes for you (which you are then escaping again) , so if thats the case just don't addslashes!

Phip
Jul 2nd, 2002, 06:53 PM
oh.........duh........ thanks :thumbsup: