problems with addslashes and stripslashes desperately confusing
I'm running this script on my testing server on my local machine. From what I can tell, get magic quotes is not turned on (the code below is used to check):
if (get_magic_quotes_gpc())
    echo "Magic quotes are enabled";
else
    echo "Magic quotes are disabled";
Anyways, I use addslashes to escape apostrophes and slashes before inserting them into a MySQL database. However, when I try to unescape them using stripslashes, it doesn't seem to be having an effect.
Also, the string " Honey Nut O's Cereal " is successfully inserted into the database after calling addslashes on it. When it's retrieved via the above snippet and output to a table cell in HTML using JS, it appears the slash is gone. It also appears gone if I call an alert box on the AJAX response string (but the slash is still present in "1\/2", which I cannot figure out). But when I then take the value from the table cell (by using innerHTML) and try to insert it back into the database, after calling addslashes it goes from having 0 slashes to 2 slashes!! wtf pls help cannot figure this out.
You should be using a database-specific function like mysqli_real_escape_string(), not addslashes. Also, if you end up with 1\/2 after using stripslashes, that means you started with 1\\/2, i.e. 2 backslashes.
There should not be any need to do a stripslashes() of the data retrieved from the database. If any unwanted "\" characters are in your data, then it's because of "double escaping" for some reason, most commonly because magic_quotes_gpc is in effect, and then applying mysql_real_escape_string() such that the magic quotes slashes are themselves escaped, but it could be because your code is actually escaping the data twice. If done correctly (negating the effect of magic_quotes_gpc if in effect and then applying the correct SQL escaping mechanism only once), there should be no escape characters getting stored in the actual database field -- the escaping is only used by the SQL query string parser, much like using escaped quotes in a PHP echo statement: you don't actually output the back-slashes.
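The double escaping described in the last reply, as an added example that is not part of the thread. So that it runs without a database, stripslashes() stands in for the MySQL parser consuming one level of escapes and addslashes() stands in for mysqli_real_escape_string(); the function names and the sample string handling are assumptions made for this illustration.

```php
<?php
// Added example, not code from the thread.
// mysql_literal_value() is a hypothetical stand-in for the MySQL parser, which
// consumes one level of backslash escapes when it reads a quoted string.
function mysql_literal_value(string $escaped): string
{
    return stripslashes($escaped);
}

// Escape for SQL exactly once, first removing magic_quotes_gpc-style slashes
// if the request data arrived with them ($magicQuotes is passed in here
// because the real setting is not available to this demo).
function prepare_for_sql(string $value, bool $magicQuotes): string
{
    if ($magicQuotes) {
        $value = stripslashes($value);
    }
    return addslashes($value); // stands in for mysqli_real_escape_string()
}

$raw = "Honey Nut O's Cereal";   // constructed sample input
$gpc = addslashes($raw);         // what magic_quotes_gpc would hand the script

$cases = [
    'escaped once'              => addslashes($raw),
    'magic quotes + escaped'    => addslashes($gpc),
    'magic quotes undone first' => prepare_for_sql($gpc, true),
];

foreach ($cases as $label => $literal) {
    // What ends up in the column once the parser has read the literal.
    $stored = mysql_literal_value($literal);
    printf("%-26s literal: %-26s stored: %-24s %s\n",
        $label, $literal, $stored,
        $stored === $raw ? 'clean' : 'backslash stored');
}

// Round trip: read the clean value back and save it again, escaping once.
$again = mysql_literal_value(prepare_for_sql($raw, false));
echo $again === $raw ? "round trip unchanged\n" : "round trip changed\n";
```

Only the case that escapes an already-escaped value leaves a backslash in the stored data; in the other two the escaping is consumed by the parser and never reaches the column, which is why no stripslashes() is needed on retrieval.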