Home/ Questions/Q 624655
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T19:13:26+00:00

I am submitting a form to my MySQL database using PHP. I am sending

  • 0

I am submitting a form to my MySQL database using PHP.

I am sending the form data through the mysql_real_escape_string($content) function.

When the entry shows up in my database (checking in phpMyAdmin) all of my double quotes and single quotes are escaped.

I’m fairly certain this is a PHP configuration issue?

so:

$content = 'Hi, my name is Jascha and my "favorite" thing to do is sleep';
mysql_real_escape_string($content);
$query = 'INSERT INTO DB...'

comes up in my database as:

Hi, my name is Jascha and my \”favorite” thing to do is sleep

Who do I tell what to do? (I cannot access the php.ini).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need to take magic quotes into account when retrieving request data. If get_magic_quotes_gpc() is true, then you need to run stripslashes() on the input. Best way would be to write a function for that. Something like:

    function get_string($array, $index, $default = null) {
    if (isset($array[$index]) && strlen($value = trim($array[$index])) > 0) {
        return get_magic_quotes_gpc() ? stripslashes($value) : $value;
    } else {
        return $default;
    }
}

    ..which you can use as

    $input = get_string($_POST, 'input');

    ..instead of

    $input = $_POST['input'];

    Do the same for trivial stuff like get_number(), get_boolean(), get_array() and so on.

    • 0