Stripslashes & wp prepare
I am working on building a custom wordpress theme - and there is a section where I am pulling data via a query which is protected by wpdb->prepare.
When I look at the resulting text that's pulled in, an escape slash is stuck on there. E.g. surf's up becomes surf\'s up.
Anyhow - my main question is - if I apply stripslashes to a couple of the query fields after they have been pulled, am I compromising the security applied by wpdb->prepare?
e.g.
'altText' => stripslashes($myrow_home->alttext),
Thanks for looking, mro.
Obviously, wpdb->prepare() prepares the string for DB use, so it escapes the quotes to avoid injections of all sorts.
I don't really see why you would intercept a prepared value for other uses than DB, but it's safe to stripslash it, provided of course you don't use the stripslashed value after in a DB query!
The short answer is you can use stripslashes without compromising the security of wpdb->prepare.
From WP Function Reference:
As with all functions in this class that execute SQL queries, you must SQL escape all inputs (e.g., wpdb->escape($user_entered_data_string) ).
Take a look at http://codex.wordpress.org/wpdb_Class#Protect_Queries_Against_SQL_Injection_Attacks for more info.
Also be sure to read: http://codex.wordpress.org/Data_Validation
It is very important that you understand how WP Data Validation works BEFORE you create a theme.
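To illustrate the point made in both answers above, here is an added example (not code from the original post or from WordPress itself). It assumes a normal WordPress runtime where `$wpdb` is available, a hypothetical table named `{$wpdb->prefix}home_slides` with columns `id` and `alttext`, and the theme-side function names are invented for illustration. It shows that `stripslashes()` applied to a value returned from a prepared query does not weaken anything, because `prepare()` protected the query at the moment it executed; it also shows the two things that still need handling afterwards: escaping for the output context (`esc_attr()` for an HTML attribute), and running the value through `prepare()` again if it is ever written back to the database.

```php
<?php
// Added example, not part of the original post or of WordPress core.
// Assumes: $wpdb is available (normal WordPress runtime) and a hypothetical
// table {$wpdb->prefix}home_slides with columns id (int) and alttext (text).

function mytheme_get_slide_alt( $slide_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'home_slides'; // hypothetical table name

    // prepare() quotes/escapes $slide_id for the SQL layer. The protection
    // is applied to the query text here, before it runs.
    $sql = $wpdb->prepare( "SELECT alttext FROM {$table} WHERE id = %d", $slide_id );
    $row = $wpdb->get_row( $sql );
    if ( ! $row ) {
        return '';
    }

    // Safe: the query has already executed. This only edits the PHP string
    // we got back, e.g. "surf\'s up" -> "surf's up". It cannot affect the
    // query that produced it.
    return stripslashes( $row->alttext );
}

function mytheme_render_slide_img( $slide_id, $src ) {
    $alt = mytheme_get_slide_alt( $slide_id );
    // SQL escaping and output escaping are separate concerns: the value
    // still has to be escaped for the context it is printed into.
    return '<img src="' . esc_url( $src ) . '" alt="' . esc_attr( $alt ) . '">';
}

// The one thing NOT to do is concatenate the stripslashed value back into
// SQL, e.g.  "UPDATE ... SET alttext = '" . $alt . "' ..." . If the value
// has to be written back, it goes through prepare() again:
function mytheme_update_slide_alt( $slide_id, $alt ) {
    global $wpdb;
    $table = $wpdb->prefix . 'home_slides'; // hypothetical table name
    return $wpdb->query(
        $wpdb->prepare( "UPDATE {$table} SET alttext = %s WHERE id = %d", $alt, $slide_id )
    );
}
```

Usage in a template would be `echo mytheme_render_slide_img( 3, $image_url );`. The design point is that `prepare()` is a property of a single query execution, not of the data; once the row is in PHP, what matters is how the string is used next, so it is escaped for HTML when printed and re-prepared when stored.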