UBB.Developers Forums Community Development Programming PHP and Server-side Scripting Addslashes

I notice that Threads does an addslahes on every text field added/changed in an sql query. Is this something that should always be done? Can someone tell me why or what would cause a query to fail if you didnt include this?

The default setting of PHP is to add slashes on all info that it recieves from GET or POST (or when read from the database too, I think) which means that you don't have to do addslashes before entering them into the database.

But this means that you have to remember when you have to do addslashes before entering something into the database, since you would have to do it on strings which hasn't had the slashes added automatically.

In threads all slashes are removed after they have been read and therefore addslashes has to be called on every value that is entered into the database. This means that there is less confusion and there won't be a risk of forgetting to do addslashes on something.

This is to ensure that special characters that may break the query during storage of the data are properly escaped. Always better safe than sorry.

Okay, I figured out that putting a tick into a field was causing an insert to fail; so clearly I need to have the addslashes... Hopefully I catch them all...