Using stripslashes after mysql_real_escape_string

后端 未结 3 1513
清歌不尽
清歌不尽 2021-01-16 19:10

I have to escape some inputs on a form. I used mysql_real_escape_string to escape the value but it adds a lot slashes with value inside database, the reason is i have an apo

相关标签:
3条回答
  • 2021-01-16 19:36

    If you have magic_quotes_gpc enabled you should use the stripslashes() function before escaping - otherwise you will escape twice, thus loads of slashes.

    http://se.php.net/manual/en/function.mysql-real-escape-string.php

    0 讨论(0)
  • 2021-01-16 19:42
    1. Disabling Magic Quotes
    2. mysql_real_escape_string(stripslashes($_POST['username']));
    0 讨论(0)
  • 2021-01-16 19:53

    No it's not. Check your php.ini for the magic_quotes_gpc setting. If you can't disable it use stripslashes BEFORE using mysql_real_escape_string. The link has a method to strip it globally from $_POST, $_GET and $_COOKIE. Or even better, use prepared statements with PDO

    0 讨论(0)
提交回复
热议问题