  1. #1
    Regular Coder
    Join Date
    Mar 2006
    Thanked 0 Times in 0 Posts

    stripslashes / addslashes

    I have a form which users fill out, and it gets emailed to me... If they say write 'James O'Reilly' it was coming to me as 'James O'/Reilly' so I added the following and it worked...

    PHP Code:
    $name = stripslashes($_POST['name']);
    Now I am wanting to insert the data into my database so underneath all my email etc I change that line to this...

    PHP Code:
    $name = addslashes($_POST['name']);
    Because it wasn't inserting into the database unless it had slashes, but then in my database it inserts it as 'James O'/Reilly', do I just have to live with that?

  • #2
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Philadelphia, PA, USA
    Thanked 258 Times in 254 Posts
    Don't insert with addslashes(), insert using mysql_real_escape_string()... assuming you're using MySQL.
    PHP Code:

    // grab... only stripslashes if they're added
    $name = get_magic_quotes_gpc() ? stripslashes( $_POST['name'] ) : $_POST['name'];

    // display
    echo $name;

    // insert
    $insert = sprintf(
        'INSERT INTO table ( name ) VALUES ( \'%s\' )',
        mysql_real_escape_string( $name )
    );
    mysql_query( $insert );

    Magic Quotes is obviously on and is addslashes()'ing your _POST data, then you were re-addslashes()'ing it before insert, hence the back-slashes before the single-quotes (not forward-slashes after the single-quotes as you have typed).

    Here's a great resource for beginner programmers:
    Last edited by kbluhm; 09-05-2007 at 04:44 AM.
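
The rule from the reply above (undo Magic Quotes once, then let the database layer handle quoting), as an added example that is not part of the thread. It swaps the `mysql_*` calls, which were removed in PHP 7, for PDO bound parameters on an in-memory SQLite database so it runs offline; `normalize_input`, `store_and_fetch` and the `people` table are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table "people" and both helper functions are hypothetical names.

// Undo Magic Quotes only when it actually ran, as in the reply above.
// The flag is passed in because get_magic_quotes_gpc() was removed in PHP 8.
function normalize_input(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Insert through a bound parameter and read the stored value back.
function store_and_fetch(PDO $pdo, string $name): string
{
    $insert = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
    $insert->execute([':name' => $name]);
    $select = $pdo->prepare('SELECT name FROM people WHERE id = :id');
    $select->execute([':id' => $pdo->lastInsertId()]);
    return (string) $select->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed inputs: the same submitted name as PHP would hand it over
// with Magic Quotes on (already addslashes()'d) and with Magic Quotes off.
$withMagicQuotes    = addslashes("James O'Reilly");
$withoutMagicQuotes = "James O'Reilly";

$cases = [
    'escaped again, then bound' => addslashes($withMagicQuotes),
    'bound as received'         => $withMagicQuotes,
    'normalized (quotes on)'    => normalize_input($withMagicQuotes, true),
    'normalized (quotes off)'   => normalize_input($withoutMagicQuotes, false),
];

// Only the two normalized rows store the name without stray backslashes.
foreach ($cases as $label => $value) {
    printf("%-28s stored as: %s\n", $label, store_and_fetch($pdo, $value));
}
```

A bound parameter is stored byte for byte, so any escaping applied beforehand ends up in the data; stripping slashes only when Magic Quotes actually ran also keeps legitimate backslashes in input intact.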

