1

I am using mysql_real_escape_string on all of my queries. addslashes is not being used, however every time a ' is used it is escaped on the output - it is like it is being escaped by mysql_real_escape_string and then again by a PHP setting of some kind.

Is anyone aware of any setting that would cause this? It is a pain to use mysql_real_escape_string and then stripslashes.

8
  • 3
    Do you have magic quotes enabled? What version of PHP? Commented Aug 20, 2011 at 20:23
  • 1
    I suggest you should use a better library for mysql connections, like PDO/mysqli, because they support prepared statements, that take away all your pain when dealing with escaping data. See this: php.net/manual/en/mysqli.prepare.php (especially the examples) Commented Aug 20, 2011 at 20:24
  • 1
    Did you check status of magic quotes? php.net/manual/en/security.magicquotes.php Commented Aug 20, 2011 at 20:24
  • Thank you - I love this site, so quick with the answers! It does indeed look like magic quotes is turned on. Would you recommend using mysql_real_escape_string() and turning off magic quotes, or not use mysql_real_escape_string() and keep it turned on? Commented Aug 20, 2011 at 20:26
  • 2
    Turn magic quotes off. They're deprecated and will just cause you problems. Commented Aug 20, 2011 at 20:29

1 Answer

2

First of all, make sure magic_quotes_gpc=Off in your php.ini. This would cause you to addslashes twice, which would cause problems for data inserted into the db.

Also, you should not be using mysql_real_escape_string or addslashes on outputted data. Only on variables being used in a query, because it prevents SQL injection.

A better way to stop SQL injection is to use parameterized queries with PDO, ADODB or MySQLi.


2 Comments

I am not using it on output - only input. Magic quotes was on so it was escaping it via mysql_real_escape_string and then again via magic quotes, so the output contains a slash.
@user887515 Cool, you should mark this as the correct answer to your problem.
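
Added example, not part of the original question, answer or comments: it reproduces the double escaping discussed above and shows the parameterized alternative. Assumptions: an in-memory SQLite database through PDO (so it runs offline), a constructed `authors` table and input value, `addslashes()` simulating what magic_quotes_gpc did to request data, `PDO::quote()` standing in for `mysql_real_escape_string()`, and a hypothetical helper `undo_magic_quotes()`.

```php
<?php
// Added example: constructed data, in-memory SQLite via PDO (needs pdo_sqlite).
// Against MySQL only the DSN changes; prepare()/execute() are the same calls.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT, how TEXT)');

// Hypothetical helper for legacy servers where php.ini cannot be changed:
// undo magic quotes once, at the point where request data enters the script.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
function undo_magic_quotes(string $value): string
{
    $on = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $on ? stripslashes($value) : $value;
}

$raw = "O'Reilly";        // what the user typed (constructed sample)
$gpc = addslashes($raw);  // simulates the value a script saw with magic_quotes_gpc=On

// Before: the already-slashed value is escaped a second time for the query,
// so the backslash added by magic quotes becomes part of the stored data.
$pdo->exec(
    "INSERT INTO authors (name, how) VALUES (" . $pdo->quote($gpc) . ", 'double-escaped')"
);

// After: magic quotes off (or undone), value bound as a parameter.
// The driver keeps data and SQL separate, so no manual escaping is involved.
$stmt = $pdo->prepare("INSERT INTO authors (name, how) VALUES (:name, 'bound')");
$stmt->execute([':name' => undo_magic_quotes($raw)]);

// Read both rows back to compare what was actually stored.
foreach ($pdo->query('SELECT name, how FROM authors ORDER BY id') as $row) {
    printf("%-15s %s%s", $row['how'], $row['name'], PHP_EOL);
}
```

The stray backslash is in the stored data itself, which is why it shows up on every later read; calling stripslashes at output time only hides it.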
