Cless Posted October 30, 2007 Share Posted October 30, 2007 Hello. Recently I have been using mysql_real_escape_string, which prevents SQL Injections. There is only one problem, it add a \ to any quote. Although this is HOW it prevents database attacks, it gets pretty annoying. Is there a way to remove that slash when you output (display) the data? Thanks! Link to comment https://forums.phpfreaks.com/topic/75395-mysql_real_escape_string/ Share on other sites More sharing options...
kenrbnsn Posted October 30, 2007 Share Posted October 30, 2007 Use the stripslashes() function. Ken Link to comment https://forums.phpfreaks.com/topic/75395-mysql_real_escape_string/#findComment-381368 Share on other sites More sharing options...
micah1701 Posted October 30, 2007 Share Posted October 30, 2007 are you sure you're not using addslashes() or using the escape_string() twice? while mysql_real_escape_string() adds slashes to the query statement string, they shouldn't be stored in the database that way... Link to comment https://forums.phpfreaks.com/topic/75395-mysql_real_escape_string/#findComment-381372 Share on other sites More sharing options...
Cless Posted October 30, 2007 Author Share Posted October 30, 2007 No, I'm not using any of them twice. :S Any ways, the function worked! Thanks to both of you. Link to comment https://forums.phpfreaks.com/topic/75395-mysql_real_escape_string/#findComment-381377 Share on other sites More sharing options...
MadTechie Posted October 30, 2007 Share Posted October 30, 2007 a bit of a shot in the dark here, are magic_quotes on ? try this if (!get_magic_quotes_gpc()) { $lastname = addslashes($_POST['lastname']); } else { $lastname = $_POST['lastname']; } but to resolve the problem Use the stripslashes() function. Ken Link to comment https://forums.phpfreaks.com/topic/75395-mysql_real_escape_string/#findComment-381430 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.