Assuming this is for a database, use the escaping mechanism that comes with the database. For example, use mysql_real_escape_string() with MySQL and pg_escape_string() with PostgreSQL. There is also the generic addslashes() and stripslashes() functions, that are more common with older PHP code.

Note: directive note: magic_quotes_gpc

The magic_quotes_gpc directive defaults to on. It essentially runs addslashes() on all GET, POST, and COOKIE data. stripslashes() may be used to remove them.

Posted in: PHP

Related FAQ's

Marius Ion ANGEL HOT SOFT LLC (800) 316-7677