PhotoPost Community - View Single Post

Frost · May 12th, 2005, 01:31 PM

I'm not sure you all are understanding. With magic quotes on, the header-inc.php readds slashing after the call to vB global.php, so when the PP code addslashes, variables get double slashed. That fact that pp-inc.php stripslashes doesn't matter. Thus, in the table and onscreen, you'll see backslashes. That's why the author of the code does stripslashes after queries to a table. Chuck, I'm assuming you have magic quotes off, so that on your install, if you enter something like "foo\bar" for the title and description, you should see "foobar" onscreen, so simply using $desc = stripslashes( $desc ); does not get around the escaping issue in the PP code. With magic quotes on, $desc = stripslashes( $desc ); strips the extra slashes. With magic quotes off, $desc = stripslashes( $desc ); unnecessarily strips intended slashes. Clear now?

May 12th, 2005, 01:31 PM	#14 (permalink)
Frost Registered User Join Date: Apr 2005 Posts: 148	I'm not sure you all are understanding. With magic quotes on, the header-inc.php readds slashing after the call to vB global.php, so when the PP code addslashes, variables get double slashed. That fact that pp-inc.php stripslashes doesn't matter. Thus, in the table and onscreen, you'll see backslashes. That's why the author of the code does stripslashes after queries to a table. Chuck, I'm assuming you have magic quotes off, so that on your install, if you enter something like "foo\bar" for the title and description, you should see "foobar" onscreen, so simply using $desc = stripslashes( $desc ); does not get around the escaping issue in the PP code. With magic quotes on, $desc = stripslashes( $desc ); strips the extra slashes. With magic quotes off, $desc = stripslashes( $desc ); unnecessarily strips intended slashes. Clear now?