View Single Post
 
Old June 8th, 2004, 06:21 PM
richard.york's Avatar
richard.york richard.york is offline
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

The forward slashes are added to all data that comes into a PHP script from outside sources. This prevents a malicious user from running DB quries or executing script directly from your form input fields. This is called the magic_quotes_gpc directive. gpc stands for GET, POST and COOKIE, the three methods of outside input.

To get rid of the slashes you have to run stripslashes() on the data before outputting it for display, but not before storing in a DB, as this would allow the vulnerability I just mentioned.

http://www.php.net/stripslashes
http://www.php.net/addslashes

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::