On Fri, 16 Jul 2004, John W. Holmes wrote:
> Ed Curtis wrote: > > On Fri, 16 Jul 2004, Justin Patrin wrote: > >>This is why he said: "Since you seem to have magic_quotes_gpc enabled, > >>you can put the value directly into your query." > >> > >>You shouldn't use htmlentities when putting it into the DB. Use it > >>when displaying the text. > > > > I tried it both ways and it only works correctly when I do use > > htmlentities($_POST['text']) in my insert query. I'm not showing the text > > to the user on page 3 at all. > > Well, if you're happy with it "just working" and not knowing why or how > it's going to break in the future... have fun. > Ok then, I want to know how to do it the right way but just using $_POST['text'], as stated before, in my query still cuts off the text at the quote. While passing this field between pages I don't do anything to it but when I want to show it to the user I would use stripslashes($_POST['text']). Is this the correct way to make sure my quotes get passed into the database? Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
