mysql_real_escape_string only when needed?

joecooper · April 20, 2012

Hi, I have an HTML Area on an admin section of my site. The HTML gets submitted to a MySQL database, but gets parsed using mysql_real_escape_string. The problem i have just noticed, is that upon every edit, it gets parsed again, and again.

Here is the code:

$updatequery = "UPDATE zen_blog SET content = '" . mysql_real_escape_string($htmlcontent) . "', active=$activate WHERE id = $updateid";
$doupdate = $db->Execute($updatequery);

Here is the result:

<h2 class=\\"\\\\\\"\\\\\\\\\\\\\\"page_title\\\\\\\\\\\\\\"\\\\\\"\\">

Is it possible to only use it where its needed?

Thanks!

Joe

scootstah · April 20, 2012

You probably have magic quotes on which attempts to automatically escape user input.

Try turning it off in the php.ini.

joecooper · April 21, 2012

If i dont use mysql_real_escape_string, it gives mysql errors. so i dont think it is turned on.

litebearer · April 21, 2012

http://docs.simplemachines.org/index.php?topic=479.0

PFMaBiSmAd · April 21, 2012

There's also a magic quotes setting (magic_quotes_runtime) that escapes data when it is retrieved from a database.

Sign In

mysql_real_escape_string only when needed?

Recommended Posts

joecooper

Link to comment

Share on other sites

scootstah

Link to comment

Share on other sites

joecooper

Link to comment

Share on other sites

litebearer

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information