I don't understand the mysqli_real_escape_string function

Hello It’s me again :slight_smile:

OK, I read the PHP documents and also read most of the articles in Google regarding this problem of mine but still my issue remains. I have read this article before posting here
stackoverflow.com/questions/6327679/what-does-mysql-real-escape-string-really-do

The article says that it adds a backslash to special characters like \x00, \n, \r, \, ', " and \x1a

But I have a form with text boxes where I have provided this function, but when I type anything like \n and press submit… those get saved in the database.

Let's say I typed John \n Doe in a text box and it gets really saved in database as John \n Doe

Please help.
Thank you :slight_smile:

Show us the code, to see how it’s being used, in case there’s an issue there. I don’t really understand it either, but someone will.

In any case you'll want to have a read up about prepared statements, which are a much better way than the mysqli_real_escape_string function

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php


I got a little clue.

We need to echo the input to see the result of that function.

Like

$name = mysqli_real_escape_string($link, $_POST['name']);
echo( $name );

So an input like O’Connor goes to Database as O’Connor but if we use echo, then it prints as O\'Connor
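
Added example (not part of the original thread): a pure-PHP model of the round trip described above, showing why the backslashes are visible when the escaped string is echoed but not in the stored value. `model_escape()` and `model_server_decode()` are hypothetical stand-ins for mysqli_real_escape_string() and the server's string-literal parser, assuming the default SQL mode; the sample inputs are constructed.

```php
<?php
// Hypothetical stand-in for mysqli_real_escape_string(): applies the
// backslash rules for the characters listed in this thread. The real
// function needs a live connection and honours its character set.
function model_escape(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\x1a" => '\\Z',
        '\\' => '\\\\', "'" => "\\'", '"' => '\\"',
    ]);
}

// Hypothetical stand-in for the server side: how MySQL reads the inside of
// a quoted string literal (assumes NO_BACKSLASH_ESCAPES is not enabled).
function model_server_decode(string $literal): string
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t",
            'b' => "\x08", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $len = strlen($literal); $i < $len; $i++) {
        $c = $literal[$i];
        if ($c !== '\\' || $i + 1 === $len) {
            $out .= $c;                       // ordinary character
            continue;
        }
        $next = $literal[++$i];
        // \% and \_ keep their backslash; unknown escapes drop it.
        $out .= ($next === '%' || $next === '_') ? '\\' . $next : ($map[$next] ?? $next);
    }
    return $out;
}

// Constructed inputs: the two values typed into the form in this thread.
foreach (['John \n Doe', "O'Connor"] as $typed) {
    $escaped = model_escape($typed);            // what echo shows
    $stored  = model_server_decode($escaped);   // what the column holds
    echo "typed:   $typed\n";
    echo "in SQL:  '$escaped'\n";
    echo "stored:  $stored\n";
    echo 'stored === typed: ', var_export($stored === $typed, true), "\n\n";
}
```

With a prepared statement the value is sent separately from the SQL text, so neither the escaping nor the decoding step applies.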

Yup SP… Since I am a noob I am just learning the basics… I will use Prepared statements.

Try this - and spot the difference :slight_smile:

$str = "This &amp; is some <b>bold</b> text.";

echo '<br> ' . $str;

echo '<br>' . htmlspecialchars($str);

Edit:
Added &amp;

Thank you :slight_smile:

