Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I've noticed that if a user enters a single or double quote into a HTML form that is then submitted via POST or GET to a php script, the quotes are escaped with a slash. Does stripslashes() properly unescape these values? If there are escape sequences that it misses or incorrectly changes, it could pose a security risk. Thanks in advance for your help, and I have posted a snippet to demonstrate the issue below.