Jump to content

[SOLVED] Help with Prepared statements and escaping


accident

Recommended Posts

Hello, I just started using prepared statements with mysqli class.

Anyways,  I have code like this

 

$stmt = $sql->prepare("INSERT INTO survey VALUES (null, ?, ?, ?)")

 

$stmt->bind_param('sss', $_POST['name'], $_POST['address'], $_POST['product_purchased']);

The first field is ID auto increment,  rest are string fields.

 

However if one of the fields I enter an apostrophe  it gets escaped in the database with a slash \  so for example didn't  would be stored as didn\'t 

I thought prepared statements are suppose to get rid of this?

Is there any way to change this without calling strip slashes, or real escape string on every field?

 

Thanks

 

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.