John

Reputation: 4944

Removing a Preceding Backslash from Apostrophes

When I add a comment using the variable below, apostrophes are printed with a backslash in front of them. How can I get rid of the backslashes?

Thanks in advance,

John

Example of printed result:

My roommate\'s brother\'s ex-girlfriend\'s aunt drive a Toyota.

$comment = mysql_real_escape_string($_POST['comment']);

Upvotes: 0

Views: 4112

Answers (3)

chris

Reputation: 9993

From http://php.net/manual/en/function.mysql-real-escape-string.php:

Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice.

Upvotes: 1

Matti Virkkunen

Reputation: 65126

Isn't that exactly what mysql_real_escape_string is supposed to do? If you're still seeing the slashes after inserting the data into the database and fetching it back, make sure the magic_quotes_gpc server option is turned off.

Upvotes: 0

Pascal MARTIN

Reputation: 401002

mysql_real_escape_string() is adding backslashes, so you can inject your string safely into an SQL query -- this is acting as a protection against SQL Injections.

But this function should only be used when you want to build an SQL query -- not when you want to output something.

When you want to output a string to an HTML page, you'll generally use htmlspecialchars or htmlentities, to prevent XSS.


If you already have some backslashes before calling `mysql_real_escape_string()`, it might be because of Magic Quotes -- if so, you might want to first call `stripslashes()` on the input you get from the user, to not duplicate the backslashes.

Upvotes: 3
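The separation the answers describe (undo magic quotes once on input, escape for SQL only when building the query, escape for HTML only when printing), as an added example that is not part of any answer above. Assumptions: the sample comment is constructed, `addslashes()` simulates what `magic_quotes_gpc` did to request data, the helper names are hypothetical, and a PDO bound parameter on an in-memory SQLite database stands in for `mysql_real_escape_string()` and the MySQL connection so the script runs without a server.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for $_POST['comment'].
$raw = "My roommate's aunt drives a <b>Toyota</b>.";

// Simulation (assumption): magic_quotes_gpc applied addslashes() to request data.
$fromRequest = addslashes($raw);

// Hypothetical helper: undo magic quotes once, at the input boundary.
function undo_magic_quotes(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Hypothetical helper: store with a bound parameter, so no slash-escaped copy
// of the string ever exists in PHP, then read the newest row back.
function store_and_fetch(PDO $pdo, string $comment): string
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $comment]);
    $sql = 'SELECT body FROM comments ORDER BY rowid DESC LIMIT 1';
    return (string) $pdo->query($sql)->fetchColumn();
}

// Hypothetical helper: escape for the HTML context only at output time.
function render_comment(string $comment): string
{
    return '<p>' . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . '</p>';
}

$pdo = new PDO('sqlite::memory:'); // stand-in for the MySQL connection
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (body TEXT)');

// Wrong: printing the slash-escaped value shows the backslashes
// and still sends <b> to the browser as markup.
echo 'escaped copy printed: ', $fromRequest, PHP_EOL;

// Right: normalise input, bind it for SQL, HTML-escape it on output.
$stored = store_and_fetch($pdo, undo_magic_quotes($fromRequest, true));
echo 'stored value:         ', $stored, PHP_EOL;
echo 'rendered HTML:        ', render_comment($stored), PHP_EOL;
```

The stored value comes back without backslashes, and the tag in the comment is neutralised only in the rendered line, which is where HTML escaping belongs.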
