awesomebill61 0 Report post Posted February 2, 2008 my php configuration has magic_quotes_runtime set to offso, when i pull a string out of a mysql db, how come it shows up just fine without running it through addslashes()?when i run it through addslashes(), it adds slashes where its supposed to.... but when i don't use it it shows up just finei am curious as to why i dont have to run addslashes() to make my text show up rightcan anyone answer my question? Share this post Link to post Share on other sites
jlhaslip 4 Report post Posted February 2, 2008 Magic_quotes function adds slashes to strings going to a Database. If it is set 'off', then the Database does not contain the escapes "\", so they won't be there when you return the data. Magic_quotes is deprecated in php6. http://forums.xisto.com/no_longer_exists/ Share this post Link to post Share on other sites
truefusion 3 Report post Posted February 2, 2008 Whenever you pull something out of your database that has slashes added to it, always strip the slashes using the stripslashes() function. It is better for you to add slashes to any input that's going into the database for security reasons. But it's better to use the mysql_real_escape_string() function than addslashes(). Share this post Link to post Share on other sites