Hello and thanks in advance.

I am retrieving data from the db. The data already went through mysql_real_escape_string when it was added to the db.

Once retrieved I am comparing it to a raw variable and depending upon the result I may be re-inserting the original db data back into the db into another, different, field.

My question is, do I have to use mysql_real_escape_string on this data I got from the database?

I think yes as the data could contain characters that need to be escaped and I think the backslashes are not stored in the db.

My code is:

if(isset($row['location_uri']) && $row['location_uri'] != $location_uri)
    {
    $session_previous_page = $row['previous_page_uri'];
    }
else
    {
    $session_previous_page = $row['location_uri'];
    }

Also, should I do anything with the db data before I compare it to the raw data, say from $_SERVER['REQUEST_URI']?

thanks for any help you can give.