Reputation: 18119
Wordpress Database Output - Remove SQL Injection Escapes
I'm having a problem using $wbdb. When I insert or update data using $wpdb->insert or $wpdb->update, the SQL injection protection actually inserts the \' into the database, and when outputting that information it has the SQL escape with it. (ie: My Value\'s Escaped).
I know there's gotta be a way to escape this using a wordpress function, but I haven't been able to find it searching google and the wordpress codex. ...So what's that function, or what am I doing wrong (seems like the '\' shouldn't really get to the database in the first place) Thanks!
Upvotes: 4
Views: 1338
Answers (1)
Reputation: 8918
It looks as if magic_quotes are enabled on the server you are using.
There are a number of SO questions and answers that deal with what they are, why they're bad, and how to get rid of them, so I won't explicitly explain here, but suggest you look at a few of the following:
- Magic quotes in PHP
- Work around magic quotes, or just make sure they're off?
- How can I disable PHP magic quotes at runtime?
- How to turn off magic quotes on shared hosting?
- PHP protecting itself from SQL injections?
Upvotes: 3
Related Questions
- PHP get rid of  in database output
- mysql_real_escape_string deleting entire string
- How to prevent SQL Injection in Wordpress?
- SQL query to remove SQL injection
- Sql injection mysql_real_escape_string
- Escape MySQL PHP
- php sql injection escape string
- SQL Injection, Quotes and PHP
- Quotes in database escaped after malware cleansing
- Sql injection attempt PHP 5.2.6