[nycphp-talk] Re: New PHundamentals Article

Emmanuel Décarie emm at scriptdigital.com
Mon Jan 5 12:50:17 EST 2004


Hi there,

I think that there are 3 points that need clarification:
<http://phundamentals.nyphp.org/5.php?expiredate=1/19/2004&topicnumber=5>

(1) "Best Practice: Do not use the function addslashes but, instead, use a
function that is specific to your database."

Could the tutorial elaborate a little bit more on this? I have been using
addslashes with MySQL with no problems and the tutorial doesn't convince me why
I should change to mysql_escape_string/mysql_real_escape_string.

(2) htmlentities/htmlspecialchars

I think the tutorial should insist that the best practice is not using these
functions on data that you want to *insert* in a database.

(3) "You will notice that two commands - addslashes and stripslashes - are
conspicously absent from this article. If you follow our best practice
recommendations, there is no need to use either one of these functions in the
situations that have been examined."

The bit on stripslashes also needs some clarification. Every time I insert some
values in MySQL, I use addslashes, and when I want to get back these values from
the database, I always use stripslashes on these values, but the tutorial makes
me realize now how stupid I am and that there's in fact no need to use
stripslashes in this case. I don't know where I got this idea, but anyway, I'm
sure many people fell into this trap.

Anyway, thanks for the tutorial, I learned something :).

PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and wanted
'conspicuously' instead.

Cheers
-Emmanuel
--
Emmanuel Décarie / Programmation pour le Web - Programming for the Web
<http://scriptdigital.com/> - Blog: <http://blog.scriptdigital.com> - AIM: scriptdigital
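The three points above, worked through as an added example that is not part of Emmanuel's message or the PHundamentals article. It assumes PHP with the PDO SQLite driver and an in-memory database standing in for MySQL, with PDO::quote playing the role of the database-specific escaping function (mysql_real_escape_string on MySQL).

```php
<?php
// Added example, not from the original thread. An in-memory SQLite database
// via PDO is used so this runs without a MySQL server; the reasoning about
// escaping, stripslashes and HTML encoding is the same for MySQL.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (body TEXT)');

// Constructed sample values containing the characters people usually worry about.
$values = ["O'Reilly", 'C:\\temp\\file', '<b>bold</b> & "quoted"'];

// Point (1): addslashes is generic, not database-specific. SQLite does not
// treat a backslash as an escape inside a string literal, so the literal
// 'O\'Reilly' it produces is not valid SQL here and the INSERT fails.
try {
    $pdo->exec("INSERT INTO notes (body) VALUES ('" . addslashes($values[0]) . "')");
} catch (PDOException $e) {
    echo "addslashes broke the query: ", $e->getMessage(), "\n";
}

// The driver-specific quoting function (PDO::quote, the analogue of
// mysql_real_escape_string) knows this database's rules and quotes correctly.
foreach ($values as $v) {
    $pdo->exec('INSERT INTO notes (body) VALUES (' . $pdo->quote($v) . ')');
}

$rows = $pdo->query('SELECT body FROM notes')->fetchAll(PDO::FETCH_COLUMN);

foreach ($rows as $i => $stored) {
    $original = $values[$i];
    // Point (3): the escaping was consumed by the SQL parser on the way in;
    // what the database stores is the original value, so there is nothing for
    // stripslashes to strip on the way out.
    printf("stored value identical to original: %s\n",
        var_export($stored === $original, true));
    // Calling stripslashes anyway silently damages values that legitimately
    // contain backslashes (compare the result for the Windows path above).
    printf("after stripslashes still identical:  %s\n",
        var_export(stripslashes($stored) === $original, true));
    // Point (2): HTML encoding belongs at output time, not before the INSERT,
    // so the database keeps the raw value for any other consumer.
    echo "for HTML output: ", htmlspecialchars($stored, ENT_QUOTES), "\n";
}
```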