Do I Need To Use "stripslashes()" On User Input Text

Volitics

What if I strip the slashes from user input text that my script stores in the MySQL database? When my web site extracts the user input text from the database and displays it on the page what is the liklihood that an un-backslashed single quote or double quote mark will screw up the PHP code in the script that extracts the information from the database?

In other words, I am in a quandry about whether or not to backslash $Variables on a user registration page so that any quote marks the user inputs doesn't mess things up and cause the script to choke. Basically, I'm trying to get it clear in my mind the best way to handle the stripslashes() function regarding user input.

I would appreciate any opinions.

Thanks.

Volitics

LordShryku

Well, if all you're doing with the user input is putting it in a database, leave the slashes there. They will come in handy when putting the info in the database, because it too needs to be escaped. When you go to display the information, that's when you should be using stripslashes().

Volitics

LordShryku;

Thank you for responding to my problem.

I'm starting to get it figured out a little bit now. It's ok if a name like O\'Malley or Rene\' has a backslash in the database. If I stripslash the data as it comes out of the database it will remove the backslash and the names will look like: O'Malley or Rene' or the way they should.

One other question, if I stripslash the data as it comes out of the database will double quotes mess up the script on the output page?

Thanks.

Volitics

LordShryku

They shouldn't because they already have slashes in them. The stripslashes will just remove it for presentation.

Volitics

LordShryku

Thanks