Reversing the effect of `mysqli_real_escape_string`

Question

I am working on an application where user can create HTML templates and save them to the database.The templates consist of different components like text,image etc.When I tr

Answer 1

stripslashes() will remove slashes from any string, and is useful when outputting escaped data.

I believe you need to use this:

json_encode($IdLessContent, JSON_UNESCAPED_SLASHES);

with the UNESCAPED_SLASHES part, your data should be returned correctly.

Answer 2

The monkeymatrix answer is incorrect for recent versions of PHP (I tested it on 7.3). mysqli_real_escape_string() only escapes certain characters. Here is a function that will reverse it:

function reverse_mysqli_real_escape_string($str) {
    return strtr($str, [
        '\0'   => "\x00",
        '\n'   => "\n",
        '\r'   => "\r",
        '\\\\' => "\\",
        "\'"   => "'",
        '\"'   => '"',
        '\Z' => "\x1a"
    ]);
 }

In a properly-written application, there should rarely be a need for this function. You should be using PDO with parameter binding to handle any escaping automatically. I only created this function to handle some legacy code that was escaping everything on input and I needed a way to get back to the original data.