mysql_real_escape_string & slashes (again, oh yes)

Posted by Fizzadar on Stack Overflow See other posts from Stack Overflow or by Fizzadar
Published on 2011-01-03T21:50:04Z Indexed on 2011/01/03 21:53 UTC
Read the original article Hit count: 146

Righto, firstly magic quotes & runtime are disabled correctly in php.ini, and confirmed by phpinfo().

PHP version: 5.3.4 MySQL version: 5.1.52

I'm only use mysql_real_escape_string on the data, after htmlspecialchars and a trim, that's all the data cleaning on the variable.

Yet, when I submit a single quote, the slash remains in the database.

When running mysql_query I'm using "' . $var . '", although in the past this hasn't changed anything (could be due to the double quotes?).

Any ideas? and please don't tell me about PDO/prepared statements, I'm aware of them and I have my reasons for doing it this way.

Thanks!

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql