RyanSF07 Posted August 13, 2009 Share Posted August 13, 2009 Hello, I just tested mysql_real_escape_string by posting some sql to my test database and nothing is escaped when I check the entry. What am I missing? $description = mysql_real_escape_string($_POST['description_text']); I'm inserting $description into the database -- when I insert single and double quotes they aren't escaped. I've got collation set to utf8_unicode_ci on the server. Looks like the manual to me -- what am I doing wrong? thanks, Ryan Link to comment https://forums.phpfreaks.com/topic/170166-solved-mysql_real_escape_string-question/ Share on other sites More sharing options...
mikesta707 Posted August 13, 2009 Share Posted August 13, 2009 post the string you are inputting, and what you are expecting the output to be Link to comment https://forums.phpfreaks.com/topic/170166-solved-mysql_real_escape_string-question/#findComment-897642 Share on other sites More sharing options...
PFMaBiSmAd Posted August 13, 2009 Share Posted August 13, 2009 The escape characters \ are NOT inserted into the database. They are present in the query so that the special SQL characters they are escaping are treated as data and not as special SQL characters. Link to comment https://forums.phpfreaks.com/topic/170166-solved-mysql_real_escape_string-question/#findComment-897643 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.