I have several post variables that I run through the following:
$input_name = mysqli_real_escape_string($dbc, trim($_POST['input_name']));
I have run several tests where I echo $input_name and other like variables before the insert query executes. The echo indicates that they are indeed getting escaped as they should.
However, when I login to phpmyadmin to look at my entries in the DB, I see that characters that should be escaped are not. Do I have a problem here? Is something happening between my variable declaration and the query that I am not aware of?
Are there php or server settings that could be influencing this?
note: I realize PDO is the way to go, I am just not there at this particular moment.
The echo indicates that they are indeed getting escaped as they should.
This indicates that your characters are escaped.
when I login to phpmyadmin to look at my entries in the DB, I see that characters that should be escaped are not
Now as you are escaping means that you want to those characters as it is rather than PHP or you database taking them internally as delimiters.
Like if you want
'in your input as it is, so your are escaping it.So now when database(mysql) sees it that is is escaped so it won’t considered it as a
single quotethat is used for string literals in MySQL.If you don’t escape it then MySQL will consider all the part between two
'as string literals.So everything is fine, don’t worry about it.