Thanks to you all, I decided to turn that stuff off since the stripslashes function returned not exactly the same I get when it's turned off.
On Sun, Sep 12, 2004 at 11:44:40PM -0700, Chris Shiflett wrote: > --- Alexander Kleshchevnikov <[EMAIL PROTECTED]> wrote: > > You should chech for configuration of magic quotes gpc. > > Use get_magic_quotes_gpc() function: > > > > $foo = get_magic_quotes_gpc() ? stripslashes($_POST["foo"]) : > > $_POST["foo"]); > > I agree. However, stripslashes() doesn't necessarily undo addslashes(). If > you want to know why or see more discussion on that, search the PHP > internals archive. I think it was within the last 3 months or so that this > was discussed. > > The best option is to turn that stuff off, but if you can't, I bet the > fix_magic_quotes() function will be helpful. It can be found here: > > http://education.nyphp.org/phundamentals/PH_storingretrieving.php > > That page also describes why it's best to not use magic_quotes. > > Hope that helps. > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly > Coming December 2004 > HTTP Developer's Handbook - Sams > http://httphandbook.org/ > PHP Community Site > http://phpcommunity.org/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
