[SOLVED] Post data automatically escaped?

[Jesper]

Hi everyone,

 

For a couple of days now I've been trying to work out a way to insert data in a MySQL database while preventing from SQL-injection. Something that's really strange tho, is this:

$data=$_POST["val"];

echo $data;

When I enter a single quote (') in the input field, it for some reason echo's \', instead of just '. That's really weird, it seems like the post data is automatically escaped.

 

Does anyone know why this is, and how to fix it?

 

 

Thanks,

 

Jesper

[aeonsky]

You may have magic_quotes enabled.

 

http://us3.php.net/magic_quotes

[Jesper]

That's it! Thanks a lot mate!

 

I'm now using get_magic_quotes_gpc() and stripslashes, however, as the function will be removed from PHP 6.0.0, would there be another way around this, as this is a script for clients and I don't want them to have it not work once PHP6 comes.

[PFMaBiSmAd]

In php6 get_magic_quotes_gpc() will always return FALSE so your code will continue to work as expected.

[Jesper]

Ah, great! Thanks for the information .