Slashes infront of ' and &quot;

Slashes infront of ' and "

gamew0rld

I know that you should use addslashes($string) to avoid errors with ' and ", but for some reason, slashes are always put before them even if I dont use addslashes. Some of my code is :

<?php
if($HTTP_POST_VARS['Game_Name'] != ""){
$gname = $HTTP_POST_VARS['Game_Name'];
$gtype = $HTTP_POST_VARS['Game_Type'];
$gdate = $HTTP_POST_VARS['Date_Added'];
$gplayers = $HTTP_POST_VARS['Players'];
$gdesc = $HTTP_POST_VARS['Game_Object'];
$gcat = $HTTP_POST_VARS['Category'];
$gurl = $HTTP_POST_VARS['Game_URL'];
?>

Name: <?=$gname?><br>
Type <?=$gtype?><br>
Date: <?=$gdate?><br>
Players: <?=$gplayers?><br>
Object: <?=$gdesc?><br>
Category: <?=$gcat?><br>
URL: <?=$gurl?><br>

<?
}
?>

When I view the text, there is already a slash infront of the ' and ". If I use addslashes($string), I would see something like this: don///'t, and when I use stripslashes, I can still see one of the slashes. Any idea why?

HalfaBee

The magic_quotes_gpc is ON by default.

If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash.

So you don't need to add them.

HalfaBee

ahundiak

Actually, magic_quotes_qpc only impacts data returned from Get/Post/Cookie operations (hence the gpc). http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc

Personally, I think it was a silly design decision to automatically support a non-standard SQL extension.

gamew0rld

Would I be better off using addslashes and stripslashes just to be on the safe side?

laserlight

you can just check the status of magic_quotes_gpc with [man]get_magic_quotes_gpc/man.