Reputation: 804
Escape character being added when using mysql_real_escape_string
I am using mysql_real_escape_string on all of my queries. addslashes is not being used, however every time a ' is used it is escaped on the output - it is like it is being escaped by mysql_real_escape_string and then again by a PHP setting of some kind.
Is anyone aware of any setting that would cause this, it is a pain to use mysql_real_escape_string and then stripslashes?
Upvotes: 1
Views: 150
Answers (1)
Reputation: 67039
First of all make sure magic_quotes_gpc=Off in you php.ini. This would cause you to addslashes twice which would cause problems for data inserted into the db.
Also you should not be using mysql_real_escape_string or addslashes on output'ed data. Only on variables being used in query because it prevents SQL Injection.
A better way to stop sql injection is to use parameterized quires with PDO, ADODB or MySQLi.
Upvotes: 2
Related Questions
- mysql_real_escape_string and ’
- mysql_real_escape_string and special characters
- Issue with mysql_real_escape_string()
- Issue with mysql_real_escape_string
- mysql_real_escape_string is being ignored
- mysql_real_escape_string() is not escaping anything
- Bug with mysql_real_escape_string and addslashes
- mysql_real_escape_string not working
- Problems with mysql_real_escape_string
- mysql_real_escape_string not good enough?