I have added a page to the Developer part of MoodleDocs explaining when to use addslashes() and stripslashes(). It is quite simple but it is easy to get it wrong.
I also fixed some places in the code where things went wrong, for example in blog posts. Also for some reason print_textarea() was stripping slashes from the text that was sent to the html area but not from the text that was sent to standard text areas. I have changed that so that it never strips slashes.
I was just about to fix the incorrect use of slashes in the 1.7 blog, thanks 
There should also be information about always using s() and p() to output strings from the database.
With luck this will all be less of an issue in 1.8, as we're planning to add "prepared statements" to the database library functions and will be expecting everything to be not slashed all the time.
P.S. Remember, the namespace is Development not Developer, I see Helen has already fixed this page.
With luck this will all be less of an issue in 1.8, as we're planning to add "prepared statements" to the database library functions and will be expecting everything to be not slashed all the time.
P.S. Remember, the namespace is Development not Developer, I see Helen has already fixed this page.
Thanks Martin for pointing out that the Developer namespace is called Development and thanks to Helen for fixing my incorrectly named pages.
The page about s() and p() (and the other Moodle output functions) had already been written by Eloy and I have now linked to it.
The page about s() and p() (and the other Moodle output functions) had already been written by Eloy and I have now linked to it.
Hi
Are those addslashes() and stripslashes() still required?
Are those addslashes() and stripslashes() still required?
In Moodle 1.9 development: yes.
In Moodle 2.0 (HEAD) development: no (and see other documentation on changes to database system).
--sam
In Moodle 2.0 (HEAD) development: no (and see other documentation on changes to database system).
--sam
Thanks for your quick reply