sean04 Posted April 20, 2010 Share Posted April 20, 2010 Hey, So as of right now i'm escaping characters as follows: $Name = htmlspecialchars(mysql_real_escape_string($_POST['Name'])); When I edit my name to something like this "Sean's" the output will be "Sean\'s" I expected this but how can it just appear as "Sean's" but still escape characters? I know there are some functions and stuff out there or ways around it.. Thanks, Sean Link to comment https://forums.phpfreaks.com/topic/199129-escaping-characters/ Share on other sites More sharing options...
cags Posted April 20, 2010 Share Posted April 20, 2010 If you can visibly see the backslash character then it is being double escaped, this is probably because you have magic_quotes enabled on the server. You can use something like if(get_magic_quotes_gpc()) { stripslashes($var); } $var = mysql_real_escape_string($var); Link to comment https://forums.phpfreaks.com/topic/199129-escaping-characters/#findComment-1045123 Share on other sites More sharing options...
Mchl Posted April 20, 2010 Share Posted April 20, 2010 Also htmlspecialchars should be called before mysq_real_escape_string, not the other way round. Link to comment https://forums.phpfreaks.com/topic/199129-escaping-characters/#findComment-1045131 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.