i have problem with addslashes and stripslashes.
i have added data like this:$data['sender_name']= addslashes($_POST['sender_name']);
$data['sender_email']= $_POST['sender_email'];
$id=insert('delivery',$data);
function insert($table=NULL,$fields=NULL)
{
if($table && isset($table) && $fields && isset($fields))
{
$sql="INSERT INTO $table(";
foreach($fields as $key=>$value)
{
$sql.="$key,";
}
$sql=(substr($sql,0,strlen($sql)-1));
开发者_运维问答 $sql.=") VALUES (";
foreach($fields as $key=>$value)
{
if(is_string($value))
$sql.="'".$value."',";
else
$sql.="$value,";
}
$sql=(substr($sql,0,strlen($sql)-1));
$sql.=")";
$flag=0;
self::openConnection();
mysql_query($sql,self::$connection);
$flag=mysql_insert_id();
self::closeConnection();
return $flag;
}
}
it's enter the data in database but without add slashes.
magic_quotes_gpc is off.instead of addslashes
use mysql_real_escape_string
http://php.net/manual/en/function.mysql-real-escape-string.php
精彩评论