[英]mysql_real_escape_string escaping single quote into MYSQL entry
I enter this into my form field: O'mally
我在表单字段中输入以下内容: O'mally
I run this code on the text: 我在文本上运行此代码:
foreach($_POST as $key=>$value){
$form[$key] = mysql_real_escape_string($value); //Escape input.
}
The POST output is: O'mally
POST输出为: O'mally
The output of the $form
variable after running the code listed above is: O\\'mally
运行上面列出的代码后, $form
变量的输出为: O\\'mally
The query is: 查询是:
mysql_query("insert into tbl_test
(lastName)
values
('{$form['lastName']}')")
The database gets O\\'mally
inserted into it (I want O'mally
to be inserted, not WITH the escape). 数据库中获取O\\'mally
插入它(我想O'mally
要插入,不是逃避)。
What am I doing wrong here? 我在这里做错了什么?
I have confirmed that magic quotes is OFF via phpinfo()
. 我已经确认通过phpinfo()
关闭了魔术引号 。 Thanks. 谢谢。
当您需要将O'mally从数据库输出到浏览器时,只需使用stripslashes()函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.