problems with addslashes and stripslashes desperately confusing

[gloosemo]

i'm running this script on my testing server on local machine. From what i can tell get magic quotes it not turned on (code below is used to checK)

Code:

if(get_magic_quotes_gpc())
	echo "Magic quotes are enabled";
else
	echo "Magic quotes are disabled";

Anyways i use addslashes to escape apostraphes and slashes before inserting them into a mySQL database. However, when i try to unescape them using stripslashes, it doesnt seem to be having an effect.

the following is a snippet of code that acts on a MySQL query result. I'm attempting to stripslashes but it's not working. When this query string is passed back to Javascript via Ajax, some things are still escaped when i output the JSON string to an alert box. For example, i call addslashes before inserting 1/2 into database, when i retrieve it through ajax via this script and use stripslashes, in an alert box it is still appearing as "1\/2".

Code:

	if ( $returnVar->select == "yes" ) {
		$arr = NULL;

		if ($result)
			$num_results = mysqli_num_rows($result);
		else
			$num_results = 0;

		for ($i = 0; $i < $num_results; $i++) {
			$row = mysqli_fetch_assoc($result);
			foreach ( $row as $current ) {
				$current = stripslashes($current);
			}
			$arr[$i] = $row;
		} 
		$returnVar->items = $num_results;
		

	}

$z = rawurlencode(json_encode($returnVar));
echo $z;

i then retrieve $z using AJAX call.

Also, the string " Honey Nut O's Cereal " is successfully inserted into database after calling addslashes on it. when its retrieved via the above snippet and output to a table cell in Html using JS, it appears the slash is gone. It also appears gone if i call an alert box on AJAX response string (but slash is sitll present in "1\/2" which i cannot figure out.) But when i then take the value from the table cell ( by using innerHTML ) and try to insert it back into the database, after calling addslashes it goes from having 0 slashes to 2 slashes!! wtf pls help cannot figure this out.

[Derokorian]

You should use mysql_real_escape_string instead of add/strip-slashes. As to your problem I have no idea why it wouldn't be working as expected.

[bokeh]

You should be using a database specific function like mysqli_real_escape_string(), not addslashes. Also if you end up with 1\/2 after using stripslashes that means you started with 1\\/2, i.e. 2 backslashes.

[gloosemo]

looking at how i put in stripslashes is there something wrong with it to make stripslashes not working? is that the correct way to iterate through an array and add stripslashes.

btw i now use mysql_real_escape_string

[NogDog]

There should not be any need to do a stripslashes() of the data retrieved from the database. If any unwanted "\" characters are in your data, then it's because of "double escaping" for some reason, most commonly because magic_quotes_gpc is in effect, and then applying mysql_real_escape_string() such that the magic quotes slashes are themselves escaped, but it could be because your code is actually escaping the data twice. If done correctly (negating the effect of magic_quotes_gpc if in effect and then applying the correct SQL escaping mechanism only once), there should be no escape characters getting stored in the actual database field -- the escaping is only used by the SQL query string parser, much like using escaped quotes in a PHP echo statement: you don't actually output the back-slashes.