[RESOLVED] stripslashes() an entire query?

rsmith

Is it possible to run stripslashes as follows:

$query = "SELECT * FROM `table`";
$result = mysql_query($query);
$info = stripslashes(mysql_fetch_assoc($result));

And have it strip slashes from all fields in the record?

TIA!

NogDog

No, nor should there be any reason to do so (unless you have suffered from the "double-slashitis" due to using mysql_real_escape_string() or addslashes() with input data that was already escaped due to the dreaded magic_quotes_gpc setting).

rsmith

Oh well, can't blame me for trying 😉. No, I use the mysql_real_escape_string on all my user submitted data and right now manually strip the slashes on the affected elements. Thanks!

NogDog

Like I said, there should be no need to strip slashes off of data retrieved from the database. The slashes added my mysql_real_escape_string() are for escaping certain characters within an SQL statement. Those slashes never actually make it into the database. It is like escaping a quote within a quoted string in a PHP echo() command: the slashes are just there to tell the parser that they are literal slashes, but they do not actually get output. In the case of mysql_real_escape_string(), the slashes are just there to tell the mysql parser that the following character should be treated literally, rather than as a special character, and the slash is then not read as part of the actual data.

If you are ending up with backslashes in your database data, then it is 99% likely due to having magic_quotes_gpc enabled in your PHP configuration. Therefore, you are escaping the slashes that it adds to your form data, and now they become literal backslash characters in your SQL string. You should disable magic_quotes_gpc if possible. If not, test for it being on via [man]get_magic_quotes_gpc/man, and if it is on then first use [man]stripslashes[/man] on your form data before running it through mysql_real_escape_string().