MakeWebGames

Posted

Well, since I know a lot of people use the strip_slashes() function, I want to help out. As anyone knows, magic quotes are better not used in scripts. However, strip_slashes() relies on them. Here's an alternative, ridiculously easy function you can use. I recommend putting it in a file that you include on every page.

 

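<?php

// Removes every backslash and forward slash from $text.
// Named strip_slashes() because PHP stops with a fatal "Cannot redeclare"
// error if a user function reuses the name of the built-in stripslashes().
function strip_slashes($text) {
    return str_replace(array("\\", "/"), array("", ""), $text);
}

?>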

 

The main reason I use this is because I escape data on input, and I don't like slashes because of quotes in my names of things, so this way it's safe inside the db, and you don't have a bunch of slashes ruining your stuff :)

Posted

An example use of stripslashes() is when the PHP directive magic_quotes_gpc is on (it's on by default), and you aren't inserting this data into a place (such as a database) that requires escaping. For example, if you're simply outputting data straight from an HTML form.

?

Posted

magic_quotes adds addslashes() to all $_GET, $_POST, $_COOKIE...

If magic_quotes is disabled (like I mentioned in my previous post) there is no addslashes() added to those vars, so there is therefore no need to use stripslashes().

As magic_quotes is deprecated and removed as of PHP 6.0 (I think that's right) there will be no use of stripslashes in the instance of how it's being used to date.

As for databases, addslashes() escapes it, then you happen to use, for example, mysql(i)_real_escape_string(), which would end up being:

(example) This little Piggy wasn\\'t home for Dinner(/example)

Which gives the misconception that stripslashes is needed when using mres or addslashes. However, this is not the case: the reason you end up with a / in the database is because you're double escaping (not a good thing) the said variable, so of course you want to get rid of the extra backslash (or is it a forward slash :S ), hence the use of stripslashes.

Now if magic_quotes is disabled and you use an escaping function inside a query it would look like:

(example)mysql_query("UPDATE `blah` SET `blah` = 'This little Piggy wasn\'t home for dinner' ") (/example)

In the database it would look like:

Blah: This little Piggy wasn't home for dinner

Wait a minute, no slash?

So that then renders the stripslashes() on output that you did useless at best.
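
The escape-level accounting discussed in the posts above, as an added example that is not code from the thread. It assumes addslashes() as a stand-in for both magic_quotes_gpc and the query-time escaping call, and stripslashes() as a model of the SQL parser consuming one escape level; every helper name and the sample string are constructed for illustration.

```php
<?php
// Added example: models escaping levels without a database connection.
// All helper names and the sample string are constructed for illustration.

// Stand-in for magic_quotes_gpc, which ran addslashes() over request data.
function magic_quotes_sim(string $raw): string { return addslashes($raw); }

// Stand-in for the query-time escaping call. The real
// mysqli_real_escape_string() needs a live connection and escapes a few
// more bytes, but treats quotes and backslashes the same way.
function db_escape_sim(string $value): string { return addslashes($value); }

// Model of the SQL parser reading a quoted literal: it consumes exactly
// one level of backslash escaping, and the result is what gets stored.
function stored_value(string $literal): string { return stripslashes($literal); }

// The first post's replacement, under a name that does not clash with the built-in.
function thread_strip_slashes(string $text): string {
    return str_replace(array("\\", "/"), array("", ""), $text);
}

function check(bool $ok, string $what): void {
    echo ($ok ? "ok   " : "FAIL ") . $what . "\n";
}

// Constructed input: an apostrophe plus slashes that belong to the data.
$raw = "Piggy wasn't home, see http://example.test/sty or C:\\farm";

// Magic quotes off, escaped once in the query.
$once = stored_value(db_escape_sim($raw));
// Magic quotes on and escaped again in the query (double escaping).
$twice = stored_value(db_escape_sim(magic_quotes_sim($raw)));
// Magic quotes on, undone once at input, then escaped once.
$fixed = stored_value(db_escape_sim(stripslashes(magic_quotes_sim($raw))));

check($once === $raw, "escaped once: stored value equals the input");
check($twice === addslashes($raw), "escaped twice: one stray escape level is stored");
check($fixed === $raw, "magic quotes undone at input: stored value equals the input");
check(stripslashes($once) !== $raw, "stripslashes() on clean output eats the path backslash");
check(thread_strip_slashes($once) !== $raw, "the str_replace version also eats the URL slashes");
echo thread_strip_slashes($once), "\n";
```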

Posted

Ahh ok.
