I have a complicated form where I first have to take some $_GET parameters

Question

0

Asked: May 20, 20262026-05-20T11:45:09+00:00 2026-05-20T11:45:09+00:00

I have a complicated form where I first have to take some $_GET parameters

0

I have a complicated form where I first have to take some $_GET parameters and obviously I have to do a mysql_real_escape_string() on them since I look stuff up in the database with them.

Them problem for me is after the initial db lookup. When the user submits a form, I send them along as a $_POST request and obviously have to do this mysql_real_escape_string call again just in case someone tries to hack my site with a faked form submission.

Then the problem I have is the arguments are escaped twice and my queries begin to look strange like this:

select field1 , field2 , from my_table where some_id = \'.$lookup_id.\' ...

So the system seems to be adding \’ and it is messing me up 🙂
Also, in my other forms I have not seen such behavior. Any ideas on what may be causing this?

One weird thing is that I tried to send unescaped parameters to the post, and the same problem happens. That is a clue, but not a sufficient one for me. 🙁

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T11:45:10+00:00

Editorial Team

2026-05-20T11:45:10+00:00Added an answer on May 20, 2026 at 11:45 am

The stripslashes http://php.net/manual/en/function.stripslashes.php function may be of use – run that before you do your escaping?

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a complicated form where I first have to take some $_GET parameters

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply