user887515
user887515

Reputation: 804

Escape character being added when using mysql_real_escape_string

I am using mysql_real_escape_string on all of my queries. addslashes is not being used, however every time a ' is used it is escaped on the output - it is like it is being escaped by mysql_real_escape_string and then again by a PHP setting of some kind.

Is anyone aware of any setting that would cause this, it is a pain to use mysql_real_escape_string and then stripslashes?

Upvotes: 1

Views: 150

Answers (1)

rook
rook

Reputation: 67039

First of all make sure magic_quotes_gpc=Off in you php.ini. This would cause you to addslashes twice which would cause problems for data inserted into the db.

Also you should not be using mysql_real_escape_string or addslashes on output'ed data. Only on variables being used in query because it prevents SQL Injection.

A better way to stop sql injection is to use parameterized quires with PDO, ADODB or MySQLi.

Upvotes: 2

Related Questions