Reputation: 804
I am using mysql_real_escape_string
on all of my queries. addslashes
is not being used, however every time a '
is used it is escaped on the output - it is like it is being escaped by mysql_real_escape_string
and then again by a PHP setting of some kind.
Is anyone aware of any setting that would cause this, it is a pain to use mysql_real_escape_string
and then stripslashes
?
Upvotes: 1
Views: 150
Reputation: 67039
First of all make sure magic_quotes_gpc=Off
in you php.ini. This would cause you to addslashes twice which would cause problems for data inserted into the db.
Also you should not be using mysql_real_escape_string or addslashes on output'ed data. Only on variables being used in query because it prevents SQL Injection.
A better way to stop sql injection is to use parameterized quires with PDO, ADODB or MySQLi.
Upvotes: 2