> Do you add the slashes before you insert into the database and then strip them before you print it out to the screen?
Yes.
> Is there a better or faster way of doing it?
None that I can think of.

> What is the best way of handling them when it comes to a Database driven application?
> I know the methods used are stripslashes and addslashes, but what is best practice? Do you add the slashes before you insert into the database and then strip them before you print it out to the screen?
> Is there a better or faster way of doing it?
It's a good idea to check whether magic quotes is turned on, otherwise you run the risk of escaping your string twice. Something like this:
function stripslashes_safe($string)
{
    /* why the space in the $string variable I don't know,
       but the forum software insists on putting it there */
    // Strip only when magic quotes has already added slashes to the input;
    // otherwise return the string untouched.
    return get_magic_quotes_gpc() ? stripslashes($string) : $string;
}
It's also worth noting that some database management systems have different methods for escaping quotes. MS for example uses a '' to escape a quote.

This is the code I am using. If I use single quotes (') it prints this out: jason\'s, and it fails.
$first = addslashes(trim(@$_POST['firstname']));
$sql = "INSERT INTO ClientContact
(CDLID, first, surname, cellno, email, field1, field2, field3)
VALUES
(".$_SESSION['CDLID'].",'".$first."','".$surname."','".$cellno."','".$email."','".$field1."','".$field2."','".$field3."')";
I need a solution for both single and double quotes to work.
Thanks in advance
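
An added example (not code from any poster in this thread) of an alternative to the addslashes/stripslashes round trip discussed above: values are bound through PDO placeholders so quotes are stored exactly as typed, and escaping happens only for the HTML output. The helper raw_value, the sample input and the in-memory SQLite table are assumptions for illustration; the column names follow the INSERT posted above.

```php
<?php
// Added example. Constructed input stands in for $_POST, and an in-memory
// SQLite database (pdo_sqlite assumed available) stands in for the real one.
$post = ['firstname' => " jason's ", 'surname' => 'O"Neil', 'email' => 'j@example.test'];
$cdlid = 42; // constructed stand-in for $_SESSION['CDLID']

// Hypothetical helper: return the raw value, undoing magic-quotes escaping
// only on old PHP builds where the setting can still be switched on.
function raw_value(array $src, $key)
{
    $v = isset($src[$key]) ? (string) $src[$key] : '';
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $v = stripslashes($v); // strip once, so the stored data is unescaped
    }
    return trim($v);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ClientContact (CDLID INTEGER, first TEXT, surname TEXT, email TEXT)');

// Placeholders keep data out of the SQL text: no addslashes() on the way in,
// and single or double quotes in a value cannot change the statement.
$stmt = $pdo->prepare(
    'INSERT INTO ClientContact (CDLID, first, surname, email)
     VALUES (:cdlid, :first, :surname, :email)'
);
$stmt->execute([
    ':cdlid'   => (int) $cdlid,
    ':first'   => raw_value($post, 'firstname'),
    ':surname' => raw_value($post, 'surname'),
    ':email'   => raw_value($post, 'email'),
]);

// The stored value is what the user typed: no stripslashes() on the way out.
$sel = $pdo->prepare('SELECT first, surname FROM ClientContact WHERE CDLID = :cdlid');
$sel->execute([':cdlid' => (int) $cdlid]);
$row = $sel->fetch(PDO::FETCH_ASSOC);

// Escape for the output context (HTML here), not for the database.
echo htmlspecialchars($row['first'], ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($row['surname'], ENT_QUOTES, 'UTF-8'), "\n";
```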