问题
What do people use stripslashes for and is it typically used in conjunction with addslashes? Why should I strip or add slashes to a string that's submitted by a user?
回答1:
You should always sanitize the user's input. But not with addslashes()... If you want to compose a query with the user's input, use the proper database escaping mechanism (look into mysql_real_escape_string() and PDO prepared statements).
The reason for sanitizing user input is security. Read about SQL injection and cross-site scripting, which are the two most common security problems arising from un-sanitized input.
来源:https://stackoverflow.com/questions/6399833/is-there-a-reason-why-i-need-to-use-stripslashes-for-user-submitted-data