I’m trying to use mysqli_real_escape_string in some code to add values into a MySQL table, but for some reason anything wrapped in mysqli_real_escape_string isn’t entered into the table at all (other data is fine and the query works). I was trying to figure why. I heard that a “magic quotes” setting on the hosting server might be the reason but wanted to know what else might be possibly causing this.
This is an example of data being taken from the input form and added to the DB:
[PHP]
$address = mysqli_real_escape_string(@$_POST[‘_Address’]);
[/PHP]
If I take it out, it works fine- like this:
[PHP]
$address = @$_POST[‘_Address’];
[/PHP]
However I want to use some sort of function to check the data as a security measure. Is there an equivalent function I can use instead?
Otherwise I will try and get hold of the server hosts and see if they can enable this.