[nycphp-talk] Another Apostrophe-related issue
Daniel Convissor
danielc at analysisandsolutions.com
Wed Jan 9 10:55:07 EST 2008
On Tue, Jan 08, 2008 at 11:06:12PM -0500, Ken Robinson wrote:
>
> $var = mysql_real_escape_string(stripslashes($var));

The best approach is to turn off the magic quotes and use
mysql_real_escape_string() directly without doing stripslashes().

> After you retrieve the value, use
> $var = htmlentities(stripslashes($var),ENT_QUOTES);

If you do things right going in to the database you should not have to
strip slashes on the way out.

--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
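
Added example, not part of the original message: a round trip of two constructed values through the escaping orders discussed above, showing what ends up stored and what reaches the page. Assumptions: addslashes() stands in for both magic_quotes_gpc and mysql_real_escape_string() (which needs a live connection), stripslashes() in stored_by_db() stands in for MySQL parsing the quoted literal, and all function names here are hypothetical.

```php
<?php
// Added illustration; helper names are hypothetical, not from the thread.

// magic_quotes_gpc applied addslashes() to request data before the script ran.
function magic_quotes(string $raw): string { return addslashes($raw); }

// Stand-in (assumption) for mysql_real_escape_string(), which needs a connection.
function sql_escape(string $value): string { return addslashes($value); }

// Stand-in (assumption) for MySQL parsing the literal: one escape level is consumed.
function stored_by_db(string $literal): string { return stripslashes($literal); }

function round_trip(string $raw, bool $magicOn, bool $stripIn, bool $stripOut): array
{
    $var = $magicOn ? magic_quotes($raw) : $raw;
    if ($stripIn) {
        $var = stripslashes($var);            // undo magic quotes before escaping
    }
    $stored = stored_by_db(sql_escape($var)); // value as it sits in the column
    $out = $stripOut ? stripslashes($stored) : $stored;
    return ['stored' => $stored, 'html' => htmlentities($out, ENT_QUOTES)];
}

// Constructed sample inputs: an apostrophe, and a value with real backslashes.
$samples = ["O'Brien", 'C:\\temp\\new'];

// label => [magic quotes on, stripslashes before escaping, stripslashes on output]
$cases = [
    'magic on,  escape only'          => [true,  false, false],
    'magic on,  strip in + strip out' => [true,  true,  true],
    'magic off, escape only'          => [false, false, false],
];

foreach ($samples as $raw) {
    foreach ($cases as $label => [$magicOn, $stripIn, $stripOut]) {
        $r = round_trip($raw, $magicOn, $stripIn, $stripOut);
        printf("%-34s raw=%-13s stored=%-14s html=%s\n",
               $label, $raw, $r['stored'], $r['html']);
    }
}
```

With magic quotes on and escaping alone, a stray backslash is stored with the apostrophe. With stripslashes() on output, the value containing real backslashes is stored intact but comes back without them.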