How to insert backslashes(\) to a string with special characters in it before saving to the mysql DB

Question

I tried to use addslashes() command in my php script. But this function is not appending backslash() before special characters in the string.

Is there any other way to insert \\ before special characters in string?

Here is my code:

 function save_params() {
 global $order_status;

 $args = func_get_args();
 foreach ($args as $k => $param)
  if (isset($_REQUEST[$param])) 
$order_status[$param] = mysql_real_escape_string("$_REQUEST[$param]");
  else
   $order_status[$param] = null;
   }

From the code above, title is the string provided by the user. This may have special characters in it. I have provided mysql_real_escape string to escape special characters in it. Untill here it is fine. But the issue is i'm using javascript tooltip to hover the title for the product. Function for tooltip is provided as below:

   class="notfree{$g->id}"  
   onmouseover = "tooltip.show('{$w->title}');" 
   onmouseout="tooltip.hide();"

$w->title is the title we saved into the DB with special strings. Tooltip.show function is not displaying hover with the special characters in the title. so i want to add backslashes for the special characters in the "title" before entering into the Database.

Please help me ..i'm stuck here

Answer 1

Use mysqli_real_escape_string() or mysqli::real_escape_string() .

Or better yet, use prepared statements with mysqli or PDO .

Answer 2

Use mysqli_real_escape_String - http://php.net/manual/en/mysqli.real-escape-string.php . The best way, yet is to use prepared statements with mysqli or PDO