Hello It’s me again
OK, I read the PHP documents and also read most of the articles in Google regarding this problem of mine but still my issue remains. I have read this article before posting here
The article says that it adds a backslash to special characters like \x00, \n, \r, , ', " and \x1a
But I have a form with text boxes where I have provided this function but when I type anything like \n and press submit… those gets saved in the database.
Lets say I typed John \n Doe in a text box and it gets really saved in database as John \n Doe
Show us the code, to see how it’s being used, in case there’s an issue there. I don’t really understand it either, but someone will.
In any case you’ll want to have a read up about prepared statements which are much better way then the mysqli_real_escape_string function
I got a little clue.
We need to echo the input to see the result of that function.
$name = mysqli_real_escape_string($link, $_POST['name']);
echo( $name );
So an input like O’Connor goes to Database as O’Connor but if we use echo, then it prints as O'Connor
Yup SP… Since I am a noob I am just learning the basics… I will use Prepared statements.
Try this - and spot the difference
$str = "This & is some <b>bold</b> text.";
echo '<br> ' .$str
echo '<br>' . htmlspecialchars($str);
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.