mysql_real_escape_string noob
Posted: Tue Oct 11, 2005 10:31 am
Hello-
I'm currently reading the forum and manual on mysql_real_escape_string vs addslashes, and have a random question.
i've got a forum with 10 fields or so, and am currently using addslashes to the variables (which I'll figure out if I need to change that to mysql_real_escape_string once I read more and get better at php).
However my question is, after I modify a user's entered data, this one user always runs a problem with double quotes event though the input is displayed as \"Some Text\" on php admin.
The only thing I can think of is maybe this guy types out all his information on some program, and these double quotes are from a different variety, perhaps from another planet. Here's the code
Can anyone point me in the right direction as to what to read up on? again, the quotes are escaped on other users entries, but not this guy for some reason.
Thanks again.
I'm currently reading the forum and manual on mysql_real_escape_string vs addslashes, and have a random question.
i've got a forum with 10 fields or so, and am currently using addslashes to the variables (which I'll figure out if I need to change that to mysql_real_escape_string once I read more and get better at php).
However my question is, after I modify a user's entered data, this one user always runs a problem with double quotes event though the input is displayed as \"Some Text\" on php admin.
The only thing I can think of is maybe this guy types out all his information on some program, and these double quotes are from a different variety, perhaps from another planet. Here's the code
Code: Select all
$name = $_REQUEST['name'] ;
function cleanData() {
foreach($_POST as $k => $k)
$_POST[$k] = stripslashes($k);
}
if (get_magic_quotes_gpc()) {
cleanData();
}
$name = addslashes($name) ;
connect stuff...
query stuff...Thanks again.