I have to escape some inputs on a form. I used mysql_real_escape_string to escape the value but it adds a lot slashes with value inside database, the reason is i have an apo
If you have magic_quotes_gpc enabled you should use the stripslashes() function before escaping - otherwise you will escape twice, thus loads of slashes.
http://se.php.net/manual/en/function.mysql-real-escape-string.php
mysql_real_escape_string(stripslashes($_POST['username']));
No it's not. Check your php.ini for the magic_quotes_gpc setting. If you can't disable it use stripslashes BEFORE using mysql_real_escape_string
. The link has a method to strip it globally from $_POST
, $_GET
and $_COOKIE
. Or even better, use prepared statements with PDO