raku Posted April 2, 2008 Share Posted April 2, 2008 Hi guys, I'm trying to escape some text for entering it in a database. The code is like this: $text = $_POST['text']; $text = strip_tags($text); connect(); $query = sprintf("INSERT INTO text_table VALUES('', '%s')", mysql_real_escape_string($text)); mysql_query($query); The problem is that in the database, the text is not escaped, for example quotes are inputted as " and not /". Essentially the same code is used in another script and it works, and when I try echoing mysql_real_escape_string($text), it appears with slashes. Any help is greatly appreciated! Thanks. Link to comment https://forums.phpfreaks.com/topic/99269-escaping-issue/ Share on other sites More sharing options...
trq Posted April 2, 2008 Share Posted April 2, 2008 When you escape special chars all it does is allows them to be inserted into the database. The escape chars (eg \) are not stored allong with your data. If you have data in your db that does have the escape chars saved with it then you have double escaped the data somewhere along the line, and I would now suggest you try and clean it. Link to comment https://forums.phpfreaks.com/topic/99269-escaping-issue/#findComment-507918 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.