On Thu, January 3, 2008 1:22 pm, Adam Williams wrote: > In my form, I am parsing all the text inputs through > mysql_real_escape_string() before inserting the data. however, when I > look at the SQL query in PHP, when I type the word blah's to my text > box > variable, and then insert it into mysql after being ran through > mysql_real_escape_string(), it does: > > insert into contract (contract_id, responsibility) VALUES (15, > 'blah\\\'s') > > and when I query the in mysql/PHP it shows: > > select responsibility from contract where contract_id = 15; > +----------------+ > | responsibility | > +----------------+ > | blah\'s | > +----------------+ > 1 row in set (0.00 sec) > > and when I run that select statement in PHP it prints blah\'s on the > screen. I want it to print back blah's without the \. So what are my > options? run every variable through stripslashes(); before printing > them to the screen?
TURN OFF MAGIC QUOTES!!! Sorry for shouting. Not really, though. :-) Magic Quotes GPC in php.ini is ALREADY (trying to) escaping your data, before you filter it. This is just plain bassakwards, but was conceived back in the good ol' days when the 'net was a kinder, gentler place. But since Magic Quotes already escaped the data, and added \' for every ' that was there, *YOUR* mysql_real_escape_string was adding \\\' for the original ', because there was already a \ in there from Magic Quotes, which needs escaping, just as ' does: Stage 1: Original data: blah's Stage 2: Magic Quotes GPC tells PHP to do this as it crams stuff into $_POST blah\'s Stage 3: mysql_real_escape_string converts that to: blah\\\'s Stage 4: MySQL stores what you told it to store: blah\'s Stage 5: You select it, and you get what you put in: blah\'s Magic Quotes GPC should just be turned OFF, period. If you have any data already put into your database with both Magic Quotes and mysql_real_escape_string, then you will need to: lock the DB pull all the data out run stripslashes on all affected data call mysql_real_escape_string on affected data put affected data back in turn OFF magic quotes unlock the DB -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
