Is there a reason why I need to use stripslashes for user submitted data?
What do people use stripslashes for and is it typically used in co开发者_Go百科njunction with addslashes? Why should I strip or add slashes to a string that's submitted by a user?
You should always sanitize the user's input. But not with addslashes()
... If you want to compose a query with the user's input, use the proper database escaping mechanism (look into mysql_real_escape_string()
and PDO prepared statements).
The reason for sanitizing user input is security. Read about SQL injection and cross-site scripting, which are the two most common security problems arising from un-sanitized input.
精彩评论