  1. #1
    SitePoint Addict Banana Man's Avatar

    mysql_real_escape_string

    Hi,

    I'm using the mysql_real_escape_string() function on user inputs when uploading to my database, so if someone enters something like banana's the ' doesn't cause a problem.

    When I go to print a string like this, though, it is printing it as banana's" (adding the " at the end).

    Is there a function I should be using when printing out this string so that it doesn't add the " at the end?

    Thanks

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    What does your code look like? Input and Output.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Addict Banana Man's Avatar
    PHP Code:
    $article = mysql_real_escape_string($_POST['textfield2']);
    Then I just upload this with an INSERT INTO mysql query.

    When I'm printing it out again I'm using:

    <?php echo $article; ?>

    Thanks

  4. #4
    SitePoint Enthusiast
    Maybe you have magic_quotes_gpc On.
    This means that it is already escaping the single quote, and with the function it is doing that again. Thus two single quotes.

  5. #5
    SitePoint Evangelist
    PHP Code:
    if (!get_magic_quotes_gpc()) {
        // magic quotes off: escape the value here
        $article = mysql_real_escape_string($_POST['textfield2']);
    } else {
        // magic quotes on: the value arrives already escaped
        $article = $_POST['textfield2'];
    }

    You can use the above code to check if the function is the problem. Even if magic quotes is not on and your data is being escaped, it would be in the form of backslashes "\". Is this value stored in the database in this form? Check your insert query and make sure it is not the culprit.
    Computers and Fire ...
    In the hands of the inexperienced or uneducated,
    the results can be disastrous.
    While the professional can tame, master even conquer.
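
The double escaping discussed in this thread, as an added example that is not code from any of the posters: it shows the stray backslash that ends up stored when already-escaped input is escaped again, next to storing the raw value through a bound parameter and escaping for HTML only at output. Assumptions: magic_quotes_gpc is simulated with addslashes() (the setting was removed in PHP 5.4 and the mysql_* functions in PHP 7), an in-memory SQLite database via PDO stands in for the MySQL table, and raw_input() and the articles table are hypothetical names.

```php
<?php
// Constructed sample input standing in for $_POST['textfield2'].
$raw = "banana's";

// What magic_quotes_gpc did to request data before the script ran
// (simulated here with addslashes(), since the setting no longer exists).
$magicQuoted = addslashes($raw);

// Hypothetical helper: undo magic quotes exactly once, at the input boundary,
// so the rest of the code always works with the raw value.
function raw_input(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// In-memory SQLite stands in for the MySQL table (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT)');

// A bound parameter stores exactly the bytes it is given, so no SQL escaping
// function is needed and the quote cannot break out of the statement.
$stmt = $db->prepare('INSERT INTO articles (body) VALUES (:body)');

// Row 1: the already-escaped value is stored as-is. This is the same content
// that lands in the table when magic-quoted input is escaped a second time.
$stmt->execute([':body' => $magicQuoted]);

// Row 2: magic quotes undone first, raw value stored.
$stmt->execute([':body' => raw_input($magicQuoted, true)]);

// Output escaping is a separate step from SQL escaping: encode for HTML
// at the point of printing, never before storing.
foreach ($db->query('SELECT id, body FROM articles ORDER BY id') as $row) {
    echo $row['id'], ': ', htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Row 1 prints with a literal backslash in front of the encoded quote; row 2 prints the value the user actually typed.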

