Ask a Question
Advertise on boostr.in
Organizational Research By
Surprising Reserch Topic
Experts Most Trusted Topic
mysql real escape string and single quote using -'php,mysql,escaping,mysql-real-escape-string'
mysql real escape string and single quote ¬†using -'php,mysql,escaping,mysql-real-escape-string'
I'm quite frustrated. I want to be able to insert into my database names with single quotes - for example, O'Connor.
So, when inserting into the DB, I do:
¬†$lname = mysql_real_escape_string($_POST['lname']);
And then I insert $lname into the DB.
When it's in the DB, it appears as O\'Connor.
So, if I were to recall that last name in my web application, I will have to use:
¬†$lname = stripslashes($r["lname"]);
This all seems to work fine. However, I have a search function which will search for last names and display the results. When I search, I have to search for O\'Connor in order to get any results.
You see, after I search, the textbox automatically stores the value of what was just searched for (using sessions). So my code is this:
¬†$search = mysql_real_escape_string($_GET['search']);
¬†$_SESSION['search'] = $search;
Like I said before, when I search, I have to use "O\'Connor", and then after I search, the value in the textbox becomes "O\\\\'Connor"
It's been frustrating trying to figure this out. Does anyone know what I'm doing wrong? Thanks!
Here is my php5.ini file, regarding magic quotes:
¬†; Magic quotes
¬†; Magic quotes for incoming GET/POST/Cookie data.
¬†magic_quotes_gpc = On
¬†; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
¬†magic_quotes_runtime = Off
¬†; Use Sybase-style magic quotes (escape ' with '' instead of \').
¬†magic_quotes_sybase = Off
However, my site is hosted on GoDaddy, and I do not have permissions to edit the file :(
Sep 8, 2015
to add a comment.
Related Hot Questions
Government Jobs Opening