kristen

Reputation: 488

Do I need to escape_string for a json_encoded object?

I have a json object I want to store in my db:

  $string='{"test": [{"name":"dave","user":"dan"}]}';
  $encoded=json_encode($string);

  $connection=Database::getInstance();
  $escaped=mysqli_real_escape_string($connection->connection,$encoded);
  $query="UPDATE table SET column=?";

  $s=mysqli_prepare($connection->connection,$query);
  mysqli_stmt_bind_param($s,'s',$escaped);
  mysqli_stmt_execute($s);

When I json_encode and mysqli_real_escape_string, it appears as the following in my db:

  \"{\\\"test\\\": [{\\\"name\\\":\\\"dave\\\",\\\"user\\\":\\\"dan\\\"}]}\"

Obviously, I don't want to invite hackers, but it seems like a crazy amount of slashes... Do I need to do BOTH json_encode and mysqli_real_escape_string, or can I just use json_encode?

Upvotes: 0

Views: 126

Answers (1)

Pekka

Reputation: 449395

You are already using a parametrized query - mysqli_real_escape_string() is not necessary in that case any more. (In fact, it is wrong because it breaks the data.)

Upvotes: 3
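The point of the answer as an added example (not code from the original question or answer): the same JSON is stored twice through a prepared statement, once bound as-is and once passed through real_escape_string() first, then both rows are read back and compared with the original. The host, credentials, database name and the json_demo table are assumptions, and the sample data is constructed.

```php
<?php
// Added example. Connection details and table/column names are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');
$db->query('CREATE TEMPORARY TABLE json_demo (id INT PRIMARY KEY, doc TEXT)');

// Insert a value through a bound parameter; the driver sends it separately
// from the SQL text, so quotes in $value cannot change the statement.
function store(mysqli $db, int $id, string $value): void
{
    $stmt = $db->prepare('INSERT INTO json_demo (id, doc) VALUES (?, ?)');
    $stmt->bind_param('is', $id, $value);
    $stmt->execute();
    $stmt->close();
}

// Read the stored text back exactly as the database holds it.
function load(mysqli $db, int $id): string
{
    $stmt = $db->prepare('SELECT doc FROM json_demo WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($doc);
    $stmt->fetch();
    $stmt->close();
    return $doc;
}

// Constructed sample data containing characters that matter to SQL and JSON.
$data = ['test' => [['name' => "dave'; --", 'user' => 'dan "the man"']]];

// Encode once, from a PHP array (not from a string that is already JSON).
$json = json_encode($data, JSON_THROW_ON_ERROR);

store($db, 1, $json);                          // bound as-is
store($db, 2, $db->real_escape_string($json)); // escaped first, then bound

// Row 1: compare stored text and decoded structure with the originals.
var_dump(load($db, 1) === $json);
var_dump(json_decode(load($db, 1), true) === $data);

// Row 2: the backslashes added by escaping were stored as literal data.
var_dump(load($db, 2) === $json);
var_dump(load($db, 2));
```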
