Jump to content

[SOLVED] mysql_real_escape_string question

dennismonsewicz

By dennismonsewicz
in PHP Coding Help

 Share

Recommended Posts

wildteen88 Regular Member

wildteen88

Posted
Posted

No you don't have to use strip_slashes after the use of mysql_real_escape_string.

 

However before running mysql_real_escape_string you should first run strip_slashes encase magic quotes is enabled. Forexample

 

function makeSafe($data)
{
    // undo magic_quotes
    if(get_magic_quotes_gpc())
        $data = strip_slashes($data);

    return mysql_real_escape_string($data);
}

// example usage
$myName = makeSafe($_POST['my_name_field']);

Link to comment
Share on other sites
flyhoney Member

flyhoney

Posted
Posted

Right

 

Maybe an example will help.

 

<?php
$string = "Something's that's need's escaping";
$query = "UPDATE table SET string = '" . mysql_real_escape_string($string) . "'";
$result = mysql_query();

$query = "SELECT string FROM table";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);

echo $row['string']; // Something's that's need's escaping
?>

 

If you are using mysql_real_escape_string to build your quere

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.