[SOLVED] dashes appear beside quotation marks

[contra10]

Basically everytime I input data into mysql and I put a " or a ' the data comes out with a backslash i.e.

 

i input this into my database

 

Ram x 15'6" Canoe

and it comes out as

Ram x 15\'6\" Canoe

 

[Stuie_b]

Thats a security feature of php , it's to prevent sql injection.. to remove on output simply use stripslashes();

 

Stuie

 

[programguru]

That's a security feature.

 

If you're processing data from your db for output using php, and if your .ini is not configured to handle it, then try something like: http://www.php.net/stripslashes

[phporcaffeine]

That is sort of correct folks, however it isn't really for 'security purposes'.  It is called character escaping, and it is done so that MySQL knows where your query actually begins and ends.

 

Example:

<?php mysql_query("SELECT * FROM tbl WHERE name='bob's tackle'"); ?>

 

Without character escaping MySQL would think the query is SELECT * FROM tbl WHERE name='bob ... because what we view as an apostrophe to denote a plural tense, MySql sees as the closing apostrophe to the name condition.

 

So the above example should be:

<?php mysql_query("SELECT * FROM tbl WHERE name='bob\'s tackle'"); ?>

 

Prior to inserting data into MySQL tables you should use something like mysql_real_escape_string() (for non integer data). You generally won't need to 'strip slashes' if you use mysql_real_escape_string.

 

Character escaping goes well beyond PHP and MySQL ... it's done in nearly every syntax.

 

If you ever feel so inclined, you can trace the lineage of character escaping back to regular expressions.