Using stripslashes after mysql_real_escape_string

Question

I have to escape some inputs on a form. I used mysql_real_escape_string to escape the value but it adds a lot slashes with value inside database, the reason is i have an apo

Answer 1

If you have magic_quotes_gpc enabled you should use the stripslashes() function before escaping - otherwise you will escape twice, thus loads of slashes.

http://se.php.net/manual/en/function.mysql-real-escape-string.php

Answer 2

1. Disabling Magic Quotes
2. mysql_real_escape_string(stripslashes($_POST['username']));

Answer 3

No it's not. Check your php.ini for the magic_quotes_gpc setting. If you can't disable it use stripslashes BEFORE using mysql_real_escape_string. The link has a method to strip it globally from $_POST, $_GET and $_COOKIE. Or even better, use prepared statements with PDO