mysql_real_escape_string & slashes (again, oh yes)
Posted
by
Fizzadar
on Stack Overflow
See other posts from Stack Overflow
or by Fizzadar
Published on 2011-01-03T21:50:04Z
Indexed on
2011/01/03
21:53 UTC
Read the original article
Hit count: 146
Righto, firstly magic quotes & runtime are disabled correctly in php.ini, and confirmed by phpinfo().
PHP version: 5.3.4 MySQL version: 5.1.52
I'm only use mysql_real_escape_string on the data, after htmlspecialchars and a trim, that's all the data cleaning on the variable.
Yet, when I submit a single quote, the slash remains in the database.
When running mysql_query I'm using "' . $var . '", although in the past this hasn't changed anything (could be due to the double quotes?).
Any ideas? and please don't tell me about PDO/prepared statements, I'm aware of them and I have my reasons for doing it this way.
Thanks!
© Stack Overflow or respective owner