I'm currently reading the forum and manual on mysql_real_escape_string vs addslashes, and have a random question.
i've got a forum with 10 fields or so, and am currently using addslashes to the variables (which I'll figure out if I need to change that to mysql_real_escape_string once I read more and get better at php).
However my question is, after I modify a user's entered data, this one user always runs a problem with double quotes event though the input is displayed as \"Some Text\" on php admin.
The only thing I can think of is maybe this guy types out all his information on some program, and these double quotes are from a different variety, perhaps from another planet. Here's the code
Code: Select all
$name = $_REQUEST['name'] ;
function cleanData() {
foreach($_POST as $k => $k)
$_POST[$k] = stripslashes($k);
}
if (get_magic_quotes_gpc()) {
cleanData();
}
$name = addslashes($name) ;
connect stuff...
query stuff...Thanks again.