I use the mysql_real_escape_string PHP function to escape data received from a form. My code for receiving the form data is:
$std_id = mysql_real_escape_string($_POST['std_id']);
$name = mysql_real_escape_string($_POST['name']);
$family = mysql_real_escape_string($_POST['family']);
For example, if I enter the string O'reilly in the name form field, this function works fine and my query runs too. But when I go to MySQL and look at my table, I see that this string is inserted as O'reilly and not O\'reilly.
My query is:
// Every value is quoted: escaping only protects data placed inside quotes.
$sql = "insert into student set
std_id = '$std_id',
name = '$name',
family = '$family'
";
This happens when I use the addslashes() function too.
This is exactly what is supposed to happen. You want to insert the string O'reilly into the database, not O\'reilly, right?
The slashes merely tell MySQL that the next ' is supposed to be a literal apostrophe, and not the apostrophe/single quote denoting the end of the string.
PS: You might want to consider using PDO and prepared statements, which offer a much cleaner syntax.
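The prepared-statement approach mentioned in the PS, as an added example that is not part of the original answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the function names are hypothetical, and the table and column names follow the question.

```php
<?php
// Added example: sqlite::memory: stands in for MySQL so this runs offline.
// The prepare/bindValue/execute calls are the same with a mysql: DSN.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE student (std_id INTEGER PRIMARY KEY, name TEXT, family TEXT)');
    return $pdo;
}

function insertStudent(PDO $pdo, int $stdId, string $name, string $family): void
{
    // Placeholders keep the data out of the SQL text, so there is no
    // string literal to terminate and nothing to escape.
    $stmt = $pdo->prepare(
        'INSERT INTO student (std_id, name, family) VALUES (:std_id, :name, :family)'
    );
    $stmt->bindValue(':std_id', $stdId, PDO::PARAM_INT);
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':family', $family, PDO::PARAM_STR);
    $stmt->execute();
}

function storedName(PDO $pdo, int $stdId): string
{
    $stmt = $pdo->prepare('SELECT name FROM student WHERE std_id = :std_id');
    $stmt->execute([':std_id' => $stdId]);
    return (string) $stmt->fetchColumn();
}

$pdo = openDb();

// Constructed sample input, as if it had arrived in $_POST.
// Bound as-is: the apostrophe is stored unchanged.
insertStudent($pdo, 1, "O'reilly", 'Smith');

// Escaped by hand and then bound: the backslash is no longer SQL syntax,
// it is part of the data, so this row really does contain a backslash.
insertStudent($pdo, 2, addslashes("O'reilly"), 'Smith');

foreach ([1, 2] as $id) {
    printf("%d: %s\n", $id, storedName($pdo, $id));
}
```

Row 2 shows the only case in which a backslash reaches the table: escaping applied on top of parameter binding, which is why the two should not be combined.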