RyanSF07 Posted August 13, 2009 Share Posted August 13, 2009 Hello, I just tested mysql_real_escape_string by posting some sql to my test database and nothing is escaped when I check the entry. What am I missing? $description = mysql_real_escape_string($_POST['description_text']); I'm inserting $description into the database -- when I insert single and double quotes they aren't escaped. I've got collation set to utf8_unicode_ci on the server. Looks like the manual to me -- what am I doing wrong? thanks, Ryan Quote Link to comment https://forums.phpfreaks.com/topic/170166-solved-mysql_real_escape_string-question/ Share on other sites More sharing options...
mikesta707 Posted August 13, 2009 Share Posted August 13, 2009 post the string you are inputting, and what you are expecting the output to be Quote Link to comment https://forums.phpfreaks.com/topic/170166-solved-mysql_real_escape_string-question/#findComment-897642 Share on other sites More sharing options...
PFMaBiSmAd Posted August 13, 2009 Share Posted August 13, 2009 The escape characters \ are NOT inserted into the database. They are present in the query so that the special SQL characters they are escaping are treated as data and not as special SQL characters. Quote Link to comment https://forums.phpfreaks.com/topic/170166-solved-mysql_real_escape_string-question/#findComment-897643 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.