#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2000
    Posts
    12
    Rep Power
    0
    Hi,

    I have MySQL/PHP3 questbook. I use
    addslashes() before I add each new record to MySQL database.

    As I understand in this case I need to use
    stripslashes() in order to output correctly all data from MySQL

    Why all the data output is correct without stripslashes ?

    I conected to MySQL via telnet and detected that after addslashes all the data saved without any changes (without backslashes).

    Why it works so ?

    Thanks in advance.

    Roman




  2. #2
  3. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    18
    Whoever told you that you needed stripslashes() was incorrect. The idea of addslashes() is to escape any troublesome characters from text that you are inserting into your table. Let's say you are inserting the following text:

    Let's party!

    Now, if this is in a variable, say $quote, and you want to insert it like this:

    $query="insert into table (column) values('$party')";

    mysql would be sent the query as:

    insert into table (column) values ('Let's party!');

    As you can see the apostrophe in Let's would screw up the query. Using addslashes adds the slash before the apostrophe so if you did this:

    $quote=addslashes($quote);

    before the query, mysql would get:

    insert into table (column) values ('Let's party!');

    and would insert into column the value "Let's party". The slash does not get saved because it's only function is to tell mysql that the ' is a literal apostrophe and not the end of the data.

    Now, the reason some people think that you need stripslashes() is because it's mentioned in the manual as the complement to addslashes() AND the fact that many people have magic_quotes turned on which will automatically add slashes to any variables passed via get, post and cookie. Thus when they use addslashes() a second set of slashes gets added, equivelent to using addslashes() twice. If you do that in our example the resulting query would be:

    insert into table (column) values ('Let's party!');

    because the slash itself would be escaped as would the apostrophe (again). This results in the value "Let's party!" being stored as ==a literal and ' means a literal ' so ' means a literal ' so to get the results you want which is just the ' you would have to use stripslashes().

    I hope I made that understandable ;-)
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2000
    Posts
    12
    Rep Power
    0
    Thanks a lot.

    Roman

    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by rod k:
    Whoever told you that you needed stripslashes() was incorrect. The idea of addslashes() is to escape any troublesome characters from text that you are inserting into your table. Let's say you are inserting the following text:

    Let's party!

    Now, if this is in a variable, say $quote, and you want to insert it like this:

    $query="insert into table (column) values('$party')";

    mysql would be sent the query as:

    insert into table (column) values ('Let's party!');

    As you can see the apostrophe in Let's would screw up the query. Using addslashes adds the slash before the apostrophe so if you did this:

    $quote=addslashes($quote);

    before the query, mysql would get:

    insert into table (column) values ('Let's party!');

    and would insert into column the value "Let's party". The slash does not get saved because it's only function is to tell mysql that the ' is a literal apostrophe and not the end of the data.

    Now, the reason some people think that you need stripslashes() is because it's mentioned in the manual as the complement to addslashes() AND the fact that many people have magic_quotes turned on which will automatically add slashes to any variables passed via get, post and cookie. Thus when they use addslashes() a second set of slashes gets added, equivelent to using addslashes() twice. If you do that in our example the resulting query would be:

    insert into table (column) values ('Let's party!');

    because the slash itself would be escaped as would the apostrophe (again). This results in the value "Let's party!" being stored as ==a literal and ' means a literal ' so ' means a literal ' so to get the results you want which is just the ' you would have to use stripslashes().

    I hope I made that understandable ;-)
    [/quote]

Similar Threads

  1. stripslashes causes INSERT to fail
    By purple hayes in forum MySQL Help
    Replies: 3
    Last Post: December 22nd, 2003, 07:21 AM
  2. addslashes doesn't work anymore...
    By michelle in forum PHP Development
    Replies: 11
    Last Post: December 8th, 2002, 03:11 AM
  3. addslashes() and stripslashes()
    By Escape in forum PHP Development
    Replies: 3
    Last Post: October 28th, 2002, 04:28 PM
  4. AddSlashes and StripSlashes Question.
    By zewt in forum PHP Development
    Replies: 3
    Last Post: November 13th, 2001, 11:01 AM

IMN logo majestic logo threadwatch logo seochat tools logo