Slashes

From MoodleDocs
Revision as of 10:46, 7 October 2006 by Gustav Delius (talk | contribs) (I still have to draw the diagram for this page)

The functions addslashes() and stripslashes() are often misused, so here is a short explanation of what they are for and when they should be used.

Before data is entered into a database, special symbols like single or double quotes need to be escaped with a backslash. For example, every ' needs to be converted to \' in any string that is to be stored in the database. When the string is fetched back from the database, it comes back without those slashes. So if data that comes directly from the database is to be written back to the database, it needs to have the slashes added to it again. This is an example where the addslashes() function should be used.

Because data submitted by the user will often need to be written to the database, Moodle ensures that it automatically gets slashes added to it. So you never have to use addslashes() on data that comes from the user. If, however, you want to display data that was submitted by the user, then you have to strip the slashes that have been added. This is an example where the stripslashes() function should be used.

The whole situation can be summarized in the following diagram:

(Diagram in preparation)
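
The data flow described above, traced as an added PHP example that is not part of the original MoodleDocs page or of Moodle's code. `fake_db_insert()` and `simulate_moodle_request()` are hypothetical stand-ins (a MySQL-style database that consumes backslash escapes, and Moodle adding slashes to submitted data), and the input string is constructed.

```php
<?php
// Added illustration, not Moodle code. fake_db_insert() is a hypothetical
// stand-in for a MySQL-style database: it accepts one quoted string literal
// and consumes the backslash escapes inside it, as the page describes.
function fake_db_insert(array &$table, string $sql): void {
    $literal = '/^INSERT INTO t VALUES \(\'((?:[^\'\\\\]|\\\\.)*)\'\)$/s';
    if (!preg_match($literal, $sql, $m)) {
        throw new RuntimeException("SQL syntax error: $sql");
    }
    $table[] = stripslashes($m[1]); // stored value carries no escape slashes
}

// Hypothetical stand-in for Moodle adding slashes to submitted data.
function simulate_moodle_request(string $raw): string {
    return addslashes($raw);
}

$table = [];
$submitted = simulate_moodle_request('O\'Reilly said "hi"'); // constructed input

// Path 1, user -> database: the data already has slashes, use it as is.
fake_db_insert($table, "INSERT INTO t VALUES ('$submitted')");

// Path 2, user -> display: strip the slashes that were added.
echo "display: ", stripslashes($submitted), "\n";

// Path 3, database -> database: the fetched value has no slashes.
$fetched = $table[0];
try {
    fake_db_insert($table, "INSERT INTO t VALUES ('$fetched')");
} catch (RuntimeException $e) {
    echo "without addslashes(): ", $e->getMessage(), "\n";
}
fake_db_insert($table, "INSERT INTO t VALUES ('" . addslashes($fetched) . "')");

// The common misuse: addslashes() on data that already has slashes. The
// database consumes one layer of escapes and stores the other as text.
fake_db_insert($table, "INSERT INTO t VALUES ('" . addslashes($submitted) . "')");

foreach ($table as $i => $row) {
    echo "row $i: $row\n";
}
```

This models the convention the page describes; addslashes() is not character-set aware, and current PHP code passes values to the database as bound parameters instead.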