Magic quotes

mikawhat

What's the opposite action of addslashes()? I mean, the input will be stored in the db like \' , when retrieving that input is there a function that will remove the \ ?

could i just use str_replace e.g. str_replace("\'", "'", $var) ?

laserlight

I mean, the input will be stored in the db like \'

It wont. It will be stored as '

Besides, you should not be using addslashes() at all, but rather should have magic_quotes_gpc off and then use the appropriate escaping mechanism, e.g., mysql_real_escape_string(), or better yet, prepared statements.

mikawhat

Yes actually i'm not using addslashes. I'm using the following function:

<?php //function ing and triming form data
function escape_data ($data) {
	global $dbcnx;
	if (ini_get('magic_quotes_gpc')) {
		$data = stripcslashes($data);
	}

return mysql_real_escape_string(trim($data), $dbcnx);
}
?>

i just echoed some input and i saw the / in front, so i thought it would be store like that in the db..

laserlight

i just echoed some input and i saw the / in front, so i thought it would be store like that in the db..

It isnt. Try retrieving from the database to check.