Help With mysql_real_escape_string

Immsy

Immsy

Immsy

Associate
Joined
18 Oct 2002
Posts
2,367
I am using mysql_real_escape_string on anything that the user inputs that is entered into my database which deals with things like ' and such in words. When I output what I have saved in the database all the ' are shown as \'. Should I be running stripslashes () on the output?

Another strange occurance is that the ' is only shown as \' on my webspace but when running localally with xampp it outputs correctly as '.

Can anyone shed any light on this?

Thanks
 

NathanT

NathanT

NathanT

Associate
Joined
11 Jun 2009
Posts
813
Looks like a magic_quote issue (where one server has the variable on and the other off or one is out of date)
I was under the impression that this function was depcreciated and more recently removed due to the issues that people had.
 

Immsy

Immsy

Immsy

Associate
OP
Joined
18 Oct 2002
Posts
2,367
Thanks for the replies, thats what I ended up doing, stripslahes and then mysql_real_escape_string on the database queries.
 

marc2003

marc2003

marc2003

Soldato
Joined
6 Feb 2004
Posts
20,599
Location
England
i'd use an .htaccess file to turn off magic quotes. then you wouldn't have to bother with that if/striplashes nonsense.

Code: 
php_value magic_quotes_gpc off
 

marc2003

marc2003

marc2003

Soldato
Joined
6 Feb 2004
Posts
20,599
Location
England
nope.

http://php.net/manual/en/configuration.changes.php

When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files (e.g. httpd.conf) and .htaccess files. You will need "AllowOverride Options" or "AllowOverride All" privileges to do so.
Click to expand...

if you have access to php.ini/httpd.conf then of course there is no need for it. but i find it handy because it's quick, easy and portable (assuming your host supports it)
 
You must log in or register to reply here.
Back
Top Bottom