ravix76 Posted September 3, 2010 Share Posted September 3, 2010 I'm trying to add some Escaped Data to a MYSQL 5 Database. Variable when input is test"security I then escape it with mysql_real_escape_string (); As a test, I echo the variable before submitting to the db and it shows as test\"security But then when I view it in myPHPAdmin after submission, it appears as test"security i.e. not escaped I'm obviously wanting to protect against SQL injection and am a little baffled! Cheers Ravix Quote Link to comment https://forums.phpfreaks.com/topic/212478-characters-not-escaped-in-database/ Share on other sites More sharing options...
PFMaBiSmAd Posted September 3, 2010 Share Posted September 3, 2010 The \ characters are NOT inserted into the database. They only exist in the query string so that special sql characters can be put in as data rather than being operated on as part of the sql syntax. Quote Link to comment https://forums.phpfreaks.com/topic/212478-characters-not-escaped-in-database/#findComment-1107034 Share on other sites More sharing options...
ravix76 Posted September 4, 2010 Author Share Posted September 4, 2010 Thanks! New to this and thought I was going mad! Quote Link to comment https://forums.phpfreaks.com/topic/212478-characters-not-escaped-in-database/#findComment-1107039 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.