Jump to content

mysql_real_escape_string


GingerRobot

Recommended Posts

Just a couple questions on which i want to check the answer.

If i use mysql_real_escape_string, i do not need to add slashes and i can also turn off magic_quotes_gpc, is that correct?

And secondly, if i am using mysql_real_escape_string, do i still need to strip slashes after retrieving information from the database?

Thanks,

Ben
Link to comment
Share on other sites

Myql_real_escaspe_string does the same as using addslashes, htmlspecialchars, htmlentities (with ENT_QUOTES)

No you dont need to use stripslashes. PHP will remove these automatically, even if you have magic_quotes_gpc disabled.

When using mysql_real_escape_string you need to be connect to MySQL to use it.
Link to comment
Share on other sites

Ok, thanks for the help but one further question

You say that i do not need to use stripslashes because PHP does that for me. Is that only if i use mysql_real_escape_string? If i were to use addslashes on data to be inserted into a database, i would need to use stripslashes on retrieval?

I already do use mysql_real_escape_string, but im just trying to fully understand the differant ways in which it works.
Link to comment
Share on other sites

I did a bit of testing and incase anyone is interested...
With magic_quotes_gpc off, if you do not do anything to a string such as ' and try to enter it into the database you get an error. If you apply mysql_real_escape_string() to it, it enters it into the database, although, interestingly, it does not enter the version with the slashes applied, rather it simply shows ' Unless, of course, phpMyAdmin has stripped the slashes which is a possibility. However, if you echo the string after applying mysql_real_escape_string, it shows up as \'.

And yes, whe you retreive the data, there is no need for stripslashes.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.