mysqli_real_escape_string not escaping anything
Question
I am using mysqli_real_escape_string to escape single and double quotes etc. but it is not escaping anything. My code is as follows
$con = mysqli_connect("ip","db","pw","db");
$formtext = $_POST['formtext'];
$formtext = mysqli_real_escape_string($con, $formtext);
mysqli_query($con, "INSERT into table (formtext) VALUES ('$formtext')")
or die();
After inserting into the table the 'formtext' field contains no escapes (backslashes). What are the possible reasons for this to be happening?
1 answers
solution1
2 ACCPTED 2015-06-30 04:07:50
The data saved to the database will not contain "escapes" or escape sequences or extraneous slashes.
The database will contain the actual data supplied , which is the point of the function: to escape the input for use as SQL string content in an SQL statement.
mysqli_real_escape_string escapes special characters in a string for use in an SQL statement [as string literal content], taking into account the current charset of the connection.
If the point is to change data (and if so, be precise on what the change should be) - noting that "real_escape" or (better) parameterized queries should still be used anyway - then use the appropriate function for the task.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.