I have a form and a user enters, e.g. (note the apostrophe at the end of the string):
My Bday'
Now, I want to strip apostrophes, simple as that… not escape them, not add slashes, just get rid of them.
Firstly I have the following:
$event_title = mysql_real_escape_string($_POST['event_title']);
echo "<br /><br /><br />event title is $event_title";
Which results in the following being returned:
event title is My Bday\\\'
Why 3 slashes?
So, then I go ahead and deal with this by using the following:
$event_title = str_replace("'", "", $event_title);
$event_title = stripslashes($event_title);
Then I return it again to check results
echo "<br /><br /><br />event title is $event_title";
I get the following:
event title is My Bday\
Any ideas what’s happening? I simply want to strip apostrophes and slashes but somehow it’s not happening.
magic_quotes_gpc is off by the way
If I don’t use stripslashes therefore leaving them in for MySQL to deal with I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'Private',
event_notes = '' where user_event_id = '35'' at line 3
update user_events set event_date = '2012-11-17', event_title = 'My Bday\\\',
event_vis = 'Private', event_notes = '' where user_event_id = '35'
OK, a further EDIT:
I tried this:
$event_title = $_POST['event_title'];
$event_title = str_replace("'", "", $event_title);
$event_title = trim($event_title);
$event_title = mysql_real_escape_string($event_title);
echo "<br /><br /><br />event title is $event_title";
and I get this:
event title is My Bday\\
I simply want to get rid of apostrophes, clearly something else is going on here but it’s got me!
What’s happening is this:
mysql_real_escape_string escapes all the characters that should be escaped by adding a slash in front of a character being escaped. But adding just a slash will lead to storing the character as unescaped within the DB, therefore also the slash must be escaped prior to inserting… That’s why You have My BDay\\\'. If this value is stored into a DB the final result will be My BDay\'.
But when You do str_replace("'", "", 'My BDay\\\''); You will end up with My BDay\\\ and after calling stripslashes on this You will get My BDay\ – that is absolutely correct!
So don’t bother with how the string looks after calling mysql_real_escape_string, just store that value into the DB and after retrieving it You will end up with My BDay' again…
EDIT: How do You come to just one slash from the three after calling stripslashes? The function goes from the start of the string to its end and looks for any slash-escaped characters to remove the escaping slash. So it finds the first two slashes and removes one, but still two remain (the one just processed and the third one), so it processes the next two slashes it finds, which will result in just one slash remaining…
If You’d call stripslashes on the string My BDay\\\' – that will lead to My BDay'…
EDIT2: My bad… The next two slashes are probably added because You have magic_quotes_gpc ON – turn that off or call mysql_real_escape_string(stripslashes($string)).
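The two attempts from the question next to the order the answer recommends, as an added example that is not part of the original posts. addslashes() stands in for magic_quotes_gpc; demo_escape(), clean_title() and ends_in_odd_backslashes() are hypothetical helpers, and demo_escape() is an assumed stand-in for mysql_real_escape_string() so the script runs without a database connection.

```php
<?php
// Stand-in for mysql_real_escape_string() so this runs without a database
// connection (assumption: it backslash-prefixes the same characters).
function demo_escape(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Hypothetical helper: undo magic quotes, drop apostrophes, then escape once.
function clean_title(string $raw, bool $magicQuotesOn): string {
    if ($magicQuotesOn) {
        $raw = stripslashes($raw);            // back to what the user typed
    }
    $raw = trim(str_replace("'", "", $raw));  // strip on the raw value
    return demo_escape($raw);                 // escape last, exactly once
}

// A value ending in an odd number of backslashes escapes the closing quote
// of the SQL literal, which is the syntax error shown in the question.
function ends_in_odd_backslashes(string $s): bool {
    return (strlen($s) - strlen(rtrim($s, "\\"))) % 2 === 1;
}

$typed = "My Bday'";          // constructed sample: what the user typed
$post  = addslashes($typed);  // what $_POST holds with magic_quotes_gpc on

// First attempt in the question: escape, then remove apostrophes and slashes.
$escaped  = demo_escape($post);
$noQuote  = str_replace("'", "", $escaped);
$stripped = stripslashes($noQuote);

// Second attempt: remove the apostrophe from the slashed input, then escape.
$second = demo_escape(trim(str_replace("'", "", $post)));

foreach (['post' => $post, 'escaped' => $escaped, 'noQuote' => $noQuote,
          'stripped' => $stripped, 'second' => $second,
          'clean' => clean_title($post, true)] as $step => $value) {
    printf("%-9s %-14s %s\n", $step, $value,
        ends_in_odd_backslashes($value) ? 'breaks the quoted literal' : 'ok');
}
```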