How often do you run into a website that doesn't prepare data for database entry? It's a bloody beginners programming error and sites that claim to be 'big' have it all over the place. AskRobo Directory for instance. Submit a description with an apostrophe and you'll get: when clicking the confirmation links. It happended before so I dropped them a contact enquiry but now 3 months later they haven't fixed it. I've even seen it with e-commerce software providers. How silly is that?! Please, everyone, addslashes is such an easy PHP function and I'm sure other languages offer the same. Prepare data prior to dumping it into a database or you'll get pissed off customers like me.
Yeah I hear you tops. but just for the sake of knowledge, it is much better to use mysql_real_escape_string() (with MySQL) or one of the equivalents for other RDBMS. Couln't resist
There are 2 kinds of servers out there when if comes to adding " \ " the ones that have "magic_quotes_gpc = On" and the ones that have it Off in the php.ini file. The ones that have it On add the " \ " for you, (most code is written for these) The ones that have it Off are a pain in the b***
You are right of course... I never use them directly, I have a database class I use to wrap around all the PHP functions (I use the mysql escape real string function in my class). I was just didn't bother to look that close when I posted it. hehe oops
No prob, I'm just sort up a detail freak BTW, I've been mulling over making a db class, just haven't gotten around to it yet.
Yeah, all the servers I've ever used had magic quotes on. I guess the bottom line is always TEST your code, if you can do UAT on it... don't assume code that's worked before will work in different configurations.
You can always test to see if magic quotes is on or off at the beginning of your script, and act accordingly. Then you'll never run into a problem.