[SOLVED] preg_replace(); and databases

[Wolphie]

Hi, i'm having trouble using the following function. When ever i wish to update fields in my database it automatically escapes the quotes(Which i do not want it to do) - So i've tried using regex to replace the \" with a standalone quote ".

 

Update once:

 

<div id=\"example\">Example</div>

 

 

Update twice:

 

<div id=\\\"example\\\">Example</div>

 

 

The preg_replace(); function isn't working. So i'm not sure if its my code or not. (I also do not know the hex for the backslash key)

 

 

 

			case "validate":
			@include("validate.php");

			$title = $_POST['title'];
			$description = $_POST['description'];
			$keywords = $_POST['keywords'];
			$footer = $_POST['footer'];
			$header = $_POST['header'];

			$sql = sprintf('UPDATE `site_options` SET title = \'%s\', description = \'%s\', keywords = \'%s\', footer = \'%s\', header = \'%s\'', 
    			mysql_real_escape_string($title).preg_replace(\x92\x22/g, '"'),
    			mysql_real_escape_string($description).preg_replace(\x92\x22/g, '"'),
			mysql_real_escape_string($keywords).preg_replace(\x92\x22/g, '"'),
			mysql_real_escape_string($footer).preg_replace(\x92\x22/g, '"'),
			mysql_real_escape_string($header).preg_replace(\x92\x22/g, '"')
			);

			if(mysql_query($sql))
			{
				echo 'Site Information Updated';
			}
			else
			{
				die("Error: " . mysql_error());
			}

		break;

[sKunKbad]

search for "magic quotes", and I'm sure you will find what you are looking for.

[Wolphie]

Thanks!