Organizational Research By

Surprising Reserch Topic

Experts Most Trusted Topic


mysql real escape string and single quote using -'php,mysql,escaping,mysql-real-escape-string'


mysql real escape string and single quote  using -'php,mysql,escaping,mysql-real-escape-string'

I'm quite frustrated. I want to be able to insert into my database names with single quotes - for example, O'Connor.

So, when inserting into the DB, I do:

 $lname = mysql_real_escape_string($_POST['lname']);


And then I insert $lname into the DB.

When it's in the DB, it appears as O\'Connor.

So, if I were to recall that last name in my web application, I will have to use:

 $lname = stripslashes($r["lname"]);


This all seems to work fine. However, I have a search function which will search for last names and display the results. When I search, I have to search for O\'Connor in order to get any results.

You see, after I search, the textbox automatically stores the value of what was just searched for (using sessions). So my code is this:

 $search = mysql_real_escape_string($_GET['search']);
 $_SESSION['search'] = $search;


Like I said before, when I search, I have to use "O\'Connor", and then after I search, the value in the textbox becomes "O\\\\'Connor"

It's been frustrating trying to figure this out. Does anyone know what I'm doing wrong? Thanks!

EDIT:

Here is my php5.ini file, regarding magic quotes:

 ; Magic quotes
 ;

 ; Magic quotes for incoming GET/POST/Cookie data.
 magic_quotes_gpc = On

 ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
 magic_quotes_runtime = Off

 ; Use Sybase-style magic quotes (escape ' with '' instead of \').
 magic_quotes_sybase = Off


However, my site is hosted on GoDaddy, and I do not have permissions to edit the file :(
    

asked Sep 8, 2015 by rajesh
0 votes
14 views



Related Hot Questions



Government Jobs Opening


...