Mchl Posted December 18, 2009 Share Posted December 18, 2009 Ok. That's how it should be done, when no magic_quotes are enabled <?php mysql_connect('localhost','root',''); mysql_select_db('test'); mysql_query('CREATE TABLE IF NOT EXISTS emopoops (emo VARCHAR(200))'); $string = "O'reilly c:\\wamp\\www"; echo $string.PHP_EOL; // echoes: O'reilly c:\wamp\www $stringEscaped = mysql_real_escape_string($string); echo $stringEscaped.PHP_EOL; //echoes: O\'reilly c:\\wamp\\www mysql_query("INSERT INTO emopoops (emo) VALUES ('$stringEscaped')"); $result = mysql_query('SELECT * FROM emopoops'); $row = mysql_fetch_assoc($result) echo $row['emo'].PHP_EOL; //echoes: O'reilly c:\wamp\www mysql_query('DROP TABLE emopoops'); As you can see, no stripslashes is needed. Link to comment https://forums.phpfreaks.com/topic/185613-data-not-escaped-in-the-database/page/2/#findComment-980197 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.