
Question about Mysql_real_escape_string being self escaped after being inserted.


keldorn


So I was under the assumption that when using mysql_real_escape_string() to escape user input data, while it's in the database, things like, say, It's would be stored in the MySQL DB as it\'s.

It kind of threw me whether it was working or not. In the database the input was not escaped, but doing an echo:

$var = "'''''''''''''";
$var = mysql_real_escape_string($var);
echo $var;

 

 

Would print

'\'\'\'\'\'\'\'\'\'\'\'

 

But in the database it would be

'''''''''''''''''''''''''''''''''

 

 

So the question is: is that how mysql_real_escape_string works? So the data in the database won't be escaped? It unescapes in the database? While that saves some trouble when retrieving the data.

The \ characters are not present in the database. The \ characters are only present in the query string so that any special SQL characters don't break the SQL syntax of the query.

It is the exact same scenario as this:

$var = "This variable has some "quotes" in it... "; // This will throw an error
$var = "This variable has some \"quotes\" in it... "; // But this won't

 

Get it?
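
The reply's point, as an added example that is not part of the original thread: a pure-PHP model showing the backslash in the query text and its absence in the stored value. `model_escape()` and `model_read_literal()` are hypothetical stand-ins for mysql_real_escape_string() and the server's string-literal parser (default sql_mode assumed), and the table and column names are made up.

```php
<?php
// Added example: a pure-PHP model; no mysql extension or server is involved.

// Hypothetical stand-in for mysql_real_escape_string(): same characters escaped.
function model_escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Hypothetical model of the server reading one single-quoted literal
// (default sql_mode). Returns [stored value, SQL left after the closing quote].
function model_read_literal(string $sql): array
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t", 'b' => "\x08", 'Z' => "\x1a"];
    $value = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {              // $sql[0] is the opening quote
        $c = $sql[$i];
        if ($c === '\\' && $i + 1 < $len) {      // escape sequence: decoded here
            $n = $sql[++$i];
            $value .= ($n === '%' || $n === '_') ? "\\$n" : ($map[$n] ?? $n);
        } elseif ($c === "'" && ($sql[$i + 1] ?? '') === "'") {
            $value .= "'";                       // '' also means one quote
            $i++;
        } elseif ($c === "'") {
            return [$value, substr($sql, $i + 1)];
        } else {
            $value .= $c;
        }
    }
    throw new RuntimeException('unterminated string literal');
}

$input = "It's";                                 // constructed sample input
$escaped = model_escape($input);
$query = "INSERT INTO t (col) VALUES ('$escaped')";
[$stored, $rest] = model_read_literal(substr($query, strpos($query, "'")));
echo "query text:   $query\n";
echo "stored value: $stored\n";
var_dump($stored === $input, $rest === ')');

// Unescaped, the literal ends at the first quote in the data and the
// remainder is handed to the SQL parser instead of being stored.
[$stored, $rest] = model_read_literal("'" . $input . "')");
var_dump($stored, $rest);
```

The mysql_* extension was removed in PHP 7.0; with mysqli or PDO prepared statements the value is sent separately from the SQL text, so there is no escaping step to get wrong.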

Archived

This topic is now archived and is closed to further replies.
