如何摆脱PHP Mysql Ajax中的转义字符

Question

I am trying to send a HTML code (variable target ) through AJAX request by escape(target) , but before entering it into database i am encoding it again by following,

$post=target recieved on PHP page by POST
$post= htmlentities($_POST['posttext']);
$post = mysql_real_escape_string($post);

Now while reading it back from MySql, i am using html_entity_decode($post) to post the desired output.

PROBLEM:

On my local apache server everything is working fine but when i uploaded same code to online server, Few special characters of output are followed by \\ .

EG.

On my local server.

awk '/<ca>/{f=1;next}/<\/ca>/{f=0}f' $filename > ca.crt
awk '/<cert>/{f=1;next}/<\/cert>/{f=0}f' $filename > client.crt
awk '/<key>/{f=1;next}/<\/key>/{f=0}f' $filename > client.key

On online server.

awk \'/<ca>/{f=1;next}/<\\/ca>/{f=0}f\' $filename > ca.crt
awk \'/<cert>/{f=1;next}/<\\/cert>/{f=0}f\' $filename > client.crt
awk \'/<key>/{f=1;next}/<\\/key>/{f=0}f\' $filename > client.key

Am i missing something? Any Help?

Answer 1

Don't encode html entities just for database insertion, especially if you're just going to decode them again each time anyways. waste of cpu cycles, and does NOTHING to protect against sql injection.

Your online server probably has magic_quotes enabled, which means it's either badly configured, or badly out-dated. magic_quotes will auto-escape quotes in any input to PHP, on the moronic assumption that no one could ever possibly want to send something to PHP and then NOT put it into the database.