accident Posted July 22, 2008 Share Posted July 22, 2008 Hello, I just started using prepared statements with mysqli class. Anyways, I have code like this $stmt = $sql->prepare("INSERT INTO survey VALUES (null, ?, ?, ?)") $stmt->bind_param('sss', $_POST['name'], $_POST['address'], $_POST['product_purchased']); The first field is ID auto increment, rest are string fields. However if one of the fields I enter an apostrophe it gets escaped in the database with a slash \ so for example didn't would be stored as didn\'t I thought prepared statements are suppose to get rid of this? Is there any way to change this without calling strip slashes, or real escape string on every field? Thanks Link to comment https://forums.phpfreaks.com/topic/116072-solved-help-with-prepared-statements-and-escaping/ Share on other sites More sharing options...
accident Posted July 23, 2008 Author Share Posted July 23, 2008 Never mind, I am retarded... apparently magic quotes is turned on for this server.... Guess I will disable it in htaccess Link to comment https://forums.phpfreaks.com/topic/116072-solved-help-with-prepared-statements-and-escaping/#findComment-597521 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.