keldorn Posted November 15, 2009 Share Posted November 15, 2009 So I was under the assumption that when using mysql_real_escape_string() to escape user input data, that while its the database, thing like say It's would be stored in the mysql DB as it\'s. It kind of threw me whether it was working or not. IN the database the input was not escaped, but doing an echo. $var = "'''''''''''''"; $var = mysql_real_escape_string($var); echo $var; Would print '\'\'\'\'\'\'\'\'\'\'\' But in the database it would be ''''''''''''''''''''''''''''''''' So the question is. Is that how mysql_real_escape_string works? So the data in the database won't be escaped? It unescapes in the database? While that saves some trouble when retrieving the data. Quote Link to comment https://forums.phpfreaks.com/topic/181572-question-about-mysql_real_escape_string-being-self-escaped-after-being-inserted/ Share on other sites More sharing options...
PFMaBiSmAd Posted November 15, 2009 Share Posted November 15, 2009 The \ characters are not present in the database. The \ characters are only present in the query string so that any special sql characters don't break the sql syntax of the query. Quote Link to comment https://forums.phpfreaks.com/topic/181572-question-about-mysql_real_escape_string-being-self-escaped-after-being-inserted/#findComment-957724 Share on other sites More sharing options...
Zane Posted November 15, 2009 Share Posted November 15, 2009 It is the exact same scenario as this $var = "This variable has some "quotes" in it... "; // This will throw an error $var = "This variable has some \"quotes\" in it... "; // But this won't Get it? Quote Link to comment https://forums.phpfreaks.com/topic/181572-question-about-mysql_real_escape_string-being-self-escaped-after-being-inserted/#findComment-957804 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.