When "warrior's" get inserted into database it comes out as "warrior\'s"

[TeddyKiller]

When "warrior's" get inserted into database it comes out as "warrior\'s"

 

How can I prevent it?

I've tried "addslashes($_POST['name']);" and "stripslashes($_POST['name']);"

 

Thanks

[ryancanulla]

Try this on the way in

 

html_entity_encode($row['content'], ENT_QUOTES);

 

And this on the way out

html_entity_decode($row['content'], ENT_QUOTES);

 

[TeddyKiller]

      $insert['name'] = html_entity_encode($_POST['name'], ENT_QUOTES);

      $query = $db->autoexecute('items', $insert, 'INSERT');

 

Then when I call it to be displayed.. do..

html_entity_decode($row['name'], ENT_QUOTES);

 

Correct? - When I say "comes out" I mean, it gets inserted in the database as "warrior\'s" even though we type it as "warrior's" in the textbox.

[Wolphie]

Use stripslashes() before inserting the data into the database.

 

http://php.net/manual/en/function.stripslashes.php

[TeddyKiller]

We tried that, didn't work.

Realised there was another change we made

Works now. Thanks.

[KevinM1]

Use stripslashes() before inserting the data into the database.

 

http://php.net/manual/en/function.stripslashes.php

 

Eh, not the best practice.  You should instead use whatever escape mechanism is appropriate for the db you're using (e.g., mysql_real_escape_string).

[Wolphie]

 

Eh, not the best practice.  You should instead use whatever escape mechanism is appropriate for the db you're using (e.g., mysql_real_escape_string).

 

That wasn't intended to sanitize the input data. It was simply a solution to his problem (i.e. removing the slashes from his input string).

 

mysql_real_escape_string() prepends backslashes, which I assume he was already using since he was trying to remove the backslashes from his quotes.