JHolovacs Posted July 17, 2008

I tried searching for this online, but my keywords are just too vague; I'm hoping someone knows this off the top of their head.

If I get a $_REQUEST variable in, I filter it through mysql_real_escape_string as a matter of course; it makes sense to me, the security benefit is clear, but the problem is it tends to malform the data I'm trying to insert into my MySQL database. For example:

    $store_name = mysql_real_escape_string($_REQUEST['store_name']);
    $query = "INSERT INTO stores (store_name) VALUES ('$store_name')";
    $result = mysql_query($query);

All is well if I enter "SpudRuckers" as the form data, but if I enter "Joe's Cheese Eatery" the data in my database shows up as "Joe\'s Cheese Eatery", which is not what I want. What am I doing wrong?

Skittalz Posted July 17, 2008

You're not doing anything wrong. It's called magic quotes. http://us2.php.net/magic_quotes

kenrbnsn Posted July 17, 2008

Since you have magic_quotes turned on, you should use stripslashes() before the mysql_real_escape_string():

    <?php
    // Remove the slashes magic quotes added, then escape once for MySQL
    $store_name = mysql_real_escape_string(stripslashes($_REQUEST['store_name']));
    $query = "INSERT INTO stores (store_name) VALUES ('$store_name')";
    $result = mysql_query($query);
    ?>

Ken

GingerRobot Posted July 17, 2008

It's also the invention of the devil. Almost.

JHolovacs Posted July 17, 2008

Thanks! I thought it was something simple, but it was seriously throwing me for a loop. I appreciate it.
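
The double escaping discussed in this thread, reproduced offline as an added example (not code from any poster): magic quotes and the escaping call each add a backslash, and the server removes only one when it parses the string literal. Assumptions: addslashes() and stripslashes() stand in for magic_quotes_gpc, mysql_real_escape_string() and the server's literal parsing, which holds for quotes and backslashes only; undo_magic_quotes() is a hypothetical helper, and the inputs are constructed.

```php
<?php
// Stand-in for magic_quotes_gpc, which slashed every request value on arrival.
function simulate_magic_quotes(string $raw): string {
    return addslashes($raw);
}

// Hypothetical helper: strip the magic-quotes layer only if it was applied.
// On the PHP versions of this thread the flag would come from
// get_magic_quotes_gpc(). Recurses because request values can be arrays.
function undo_magic_quotes($value, bool $magicQuotesOn) {
    if (!$magicQuotesOn) {
        return $value; // stripping here would eat backslashes the user typed
    }
    return is_array($value)
        ? array_map(fn($v) => undo_magic_quotes($v, true), $value)
        : stripslashes($value);
}

// Stand-ins for the two ends of the query: the client-side escaping call
// adds one backslash layer, the server's literal parser removes one.
function sql_escape(string $s): string { return addslashes($s); }
function server_stores(string $literal): string { return stripslashes($literal); }

$typed   = "Joe's Cheese Eatery";          // what the user typed (constructed)
$request = simulate_magic_quotes($typed);  // what the script receives

// Original code from the question: escape the already-slashed value.
$stored_before = server_stores(sql_escape($request));

// Strip the magic-quotes layer first, then escape exactly once.
$stored_after = server_stores(sql_escape(undo_magic_quotes($request, true)));

// Edge case: with magic quotes off, an unconditional stripslashes()
// silently removes backslashes that belong to the data.
$path            = 'C:\temp';              // constructed input, one real backslash
$stored_path_bad = server_stores(sql_escape(stripslashes($path)));
$stored_path_ok  = server_stores(sql_escape(undo_magic_quotes($path, false)));

printf("typed:                     %s\n", $typed);
printf("stored, escape only:       %s\n", $stored_before);
printf("stored, strip then escape: %s\n", $stored_after);
printf("path, blind stripslashes:  %s\n", $stored_path_bad);
printf("path, conditional strip:   %s\n", $stored_path_ok);
```

Needs PHP 7.4 or later for the arrow function; it uses no database extension.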