potasmic
Reputation: 1097
Escaping quotes before MySQL
Here I have a script to validate description that users pass:
if(strlen($_POST['descriprtion']) >250) {
//Some error code here
} else {
$description = $mysqli->escape_string(htmlentities(trim($_POST['description']))); }
Now, I test with the description with I'm testing. I would give me something like this when I print out the page:
As you can see, there's a black slash before the single quote.
I was considering using stripslashes(), but where should I use it?
Upvotes: 0
Views: 84
Answers (1)
Alireza Fallah
Reputation: 4607
Use stripslashes() when you want to echo the variable.
echo $var; // --> I\'m testing. Not funny.
echo stripslashes($var); // --> I'm testing. Not funny.
Upvotes: 1
Related Questions
- What does it mean to escape a string?
- MySql ENCLOSED BY double quote
- Escaping string for MySQL statement
- Create MySQL string that is "safe" (escape double quotes)
- MySQL / PHP - Is this a good and secure way to escape in querys?
- Where to escape the string to prevent mysql injection?
- How do i add mysql_real_escape_string(): to this?
- Confusion about MySQL security: charset, escaping characters etc
- Escaping mysql without single quotes?
- SQL Injection, Quotes and PHP