Jump to content

Recommended Posts

... comes out as ...

 

Where exactly does it "come out" with a backslash? In the database? In a web page? Somewhere else?

 

You should be using an appropriate escaping function, such as mysql_real_escape_string, before writing a value to the database. But you should not be using that same function on data being sent to a web page. Which means you should only escape for the database when building the query.

 

WRONG

$name = mysql_real_escape_string($_POST['name']);

$sql = "INSERT INTO table VALUES('$name')";

echo $name;

 

 

NOT WRONG

$name = $_POST['name'];

$sql = "INSERT INTO table VALUES('" . mysql_real_escape_string($name) . "')";

echo htmlspecialchars($name);

A requinix said, it's the magic_quotes.

 

If ON, your data has slashes added automatically, so "O'Donnel" is passed from the form as "O\'Donnel". If you then addslashes or real_escape the data it becomes "O\\\'Donnel" which then gets written the database as "O\'Donnel"

Interesting... I found it, turned it off, its still inserting / into my database....

Really its from the Initial PHP form -->.JS--->PHP (looking in my Charles debugger, it shows correct in the Posting)-, then using the

$name= $_POST['name']; --->.JS --->php to write it to MySQL database

It messes up somehwere in these last few transfers, which I'm not exactly sure where..... Still hunting.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.