I’m using prepared statements in mysqli and if I put a " into one of my params values then it escapes it and adds a backslash before it. I thought mysqli didn’t have to do this?? Thanks. Example:
// $members is an existing mysqli connection; the value is bound to the ? placeholder
$comment = $members->prepare("insert into comments(comment) values(?)");
$comment->bind_param('s', $_POST['comment']);
$comment->execute();
puts \"\" into the database assuming that the comment field is equal to ""
Your server may have magic quotes on. Check it out here http://php.net/manual/en/security.magicquotes.php It’s happened to me before, very annoying.
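As an added illustration (not code from the original thread), this is how one can confirm the answer above on the server and strip the backslashes that magic quotes add before the value reaches bind_param. It assumes an existing mysqli connection named $members and a comments table as in the question. Magic quotes (magic_quotes_gpc) were removed in PHP 5.4; get_magic_quotes_gpc() survived as a function returning false until it was deprecated in 7.4 and removed in 8.0, so the check is guarded with function_exists.

```php
<?php
// Added example, not the original poster's code.
// Assumes $members is an open mysqli connection and a table comments(comment TEXT).

// 1. Detect whether the runtime itself is inserting the backslashes.
function magicQuotesActive()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// 2. Undo the slashes magic quotes added to GET/POST/COOKIE input, recursively,
//    so the application works with the raw user value.
function undoMagicQuotes($value)
{
    if (is_array($value)) {
        return array_map('undoMagicQuotes', $value);
    }
    return stripslashes($value);
}

if (magicQuotesActive()) {
    $_POST   = undoMagicQuotes($_POST);
    $_GET    = undoMagicQuotes($_GET);
    $_COOKIE = undoMagicQuotes($_COOKIE);
}

// 3. Bind the raw value. A prepared statement sends the parameter separately
//    from the SQL text, so no escaping is needed and none should be done by hand.
$rawComment = isset($_POST['comment']) ? $_POST['comment'] : '';

$stmt = $members->prepare("INSERT INTO comments (comment) VALUES (?)");
if ($stmt === false) {
    throw new RuntimeException('prepare failed: ' . $members->error);
}
$stmt->bind_param('s', $rawComment);
if (!$stmt->execute()) {
    throw new RuntimeException('execute failed: ' . $stmt->error);
}
$stmt->close();
```

A quick way to see the setting on an old server without running the whole script is var_dump(ini_get('magic_quotes_gpc')); or php -i | grep magic_quotes from the shell. The stripping step is a compatibility shim only; on any supported PHP version magic quotes do not exist and the branch is never taken.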
quick check to see