Slashes's Problem

I have having slashes problem, sometime it output \'s even though I have used mysql_real_escape_string

To insert data:


$id = $_POST['id'];
$name = mysql_real_escape_string($_POST['name']);
mysql_query("INSERT INTO categories (id, name) VALUES ('$id','$name')");

Output:


<?pho echo row['name']?>

Input data from UK: Testing’s
Database: Testing’s
Output data: Testing’s

Input data from India: Testing’s
Database: Testing\'s
Output data: Testing\'s

What is the problem?

  1. make sure magic_quotes is off (or use the strip slashes function from the manual)
  2. use prepared statements (they have been supported by even the most retarded hosts for 5 years now)

http://www.php.net/manual/en/security.magicquotes.disabling.php
http://www.php.net/manual/en/pdo.prepared-statements.php