I'm currently using a custom PHP framework. It has a class designed to handle interaction with the MySQL database.

The select function takes the table and a query, generates rows via mysqli_fetch_array($result, MYSQL_ASSOC) and either returns a regular array (each row is one element in the array) or FALSE if there are no results returned.

I'm thinking about adding the following statement to automatically always remove escaping slashes from the results:

$data[] = array_map('stripslashes',$row );

As this class is used all over the application for returning anything from the database, would this be a sensible idea, versus always remembering to output data with stripslashes whenever it's from user or third party input?

  • If you add this to the class it will be executed for all. Rather execute this whenever needed after fetching data. Commented Dec 16, 2015 at 9:01
  • Mentioning the framework and tagging it accordingly always helps. Commented Dec 16, 2015 at 9:05

1 Answer

It would be good to add a config switch to the class, and when fetching data from it you should pass the switch if you want to stripslashes the data, otherwise not.

Thanks Amit

2 Comments

Thanks. The question I'm really trying to work out is on a relatively busy web app, is running array_map on all rows to stripslashes by default a bad idea for performance or is the difference likely to be negligible?
The difference is going to be very negligible so you can use it. @thatguy
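
The per-call switch suggested in the answer, sketched as an added example (not code from the question, the answer or the framework); `fetchRows()`, its `$stripSlashes` flag and the sample rows are assumptions constructed here. It strips only string values so NULL and numeric columns keep their types, and the second row shows what happens when stripping is applied to data that legitimately contains backslashes.

```php
<?php
// Added example: fetchRows() and $stripSlashes are hypothetical names,
// not part of the framework described in the question.

/**
 * Post-process fetched rows, with slash removal as an opt-in per call
 * rather than a default applied to every query in the application.
 */
function fetchRows(array $rows, bool $stripSlashes = false): array
{
    if (!$stripSlashes) {
        return $rows; // default: return exactly what the database stored
    }
    $out = [];
    foreach ($rows as $row) {
        // Only touch strings. array_map('stripslashes', $row) would also
        // convert NULL columns to '' and integers to strings.
        $out[] = array_map(
            function ($value) {
                return is_string($value) ? stripslashes($value) : $value;
            },
            $row
        );
    }
    return $out;
}

// Constructed rows standing in for mysqli_fetch_array() results.
$rows = [
    // Legacy row that went through an extra escaping pass before insert.
    ['id' => 1, 'name' => 'O\\\'Brien', 'path' => null],
    // Correctly stored row: its backslashes are real data.
    ['id' => 2, 'name' => 'Alice', 'path' => 'C:\\temp\\new'],
];

$raw      = fetchRows($rows);        // switch off
$stripped = fetchRows($rows, true);  // switch on

// Print both views side by side so the effect on each column is visible:
// the legacy name is repaired, the Windows path loses its separators.
foreach ($rows as $i => $unused) {
    printf("id=%d raw name=%s stripped name=%s\n",
        $raw[$i]['id'], $raw[$i]['name'], $stripped[$i]['name']);
    printf("id=%d raw path=%s stripped path=%s\n",
        $raw[$i]['id'], var_export($raw[$i]['path'], true),
        var_export($stripped[$i]['path'], true));
}
```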
