
Am I using mysqli_real_escape_string correctly?

I'm escaping a string using the OOP method of mysqli_real_escape_string. I saved the input being entered into a session variable to make sure it's escaping correctly. It seems to be escaping correctly, but when I check what gets entered into the database I don't see the slashes before single and double quotes.

So in the browser I echo:

Array
(
    [formContent] => I\'m always here!
)

But in the database I see:

I'm always here!

Does this mean there's something wrong with my code somewhere?

No, it's normal. mysqli_real_escape_string automatically escapes the single quote for you.

When you have the string,

I'm always here!

mysqli_real_escape_string processed it as

I\'m always here!

so it will be saved on the database. That's how it works.

mysqli_real_escape_string — Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection

What it does is escape the single quote (saves you from SQL injection at some level).

hello 'world

mysqli_real_escape_string processed it as

hello \'world

You can use stripslashes to remove \\
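An added example, not part of the question or the answers above: a simplified Python model of why the backslash is visible in the escaped string but absent from the stored row. The function names and the parsing model are assumptions for illustration (default sql_mode, single-quoted literals, constructed sample inputs); this is not MySQL or PHP source.

```python
import re

# Simplified model (an assumption): default sql_mode, single-quoted literals.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "Z": "\x1a", "b": "\b", "t": "\t"}

def real_escape(value: str) -> str:
    """Model of the escaping step: make value safe inside '...'."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def parse_literal(sql: str) -> str:
    """Model of the server reading one quoted literal; returns what is stored."""
    if not sql.startswith("'"):
        raise ValueError("literal must start with a quote")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):
            nxt = sql[i + 1]
            out.append(UNESCAPES.get(nxt, nxt))  # \' -> '  and  \\ -> \
            i += 2
        elif ch == "'":
            if i != len(sql) - 1:
                raise ValueError("text after closing quote: statement changed")
            return "".join(out)
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated literal")

def stored_value(user_input: str) -> str:
    """Escape, wrap in quotes, then parse the literal as the server would."""
    return parse_literal("'" + real_escape(user_input) + "'")

def stripslashes(value: str) -> str:
    """Model of PHP stripslashes(): remove one level of backslashes."""
    return re.sub(r"\\(.?)", lambda m: "\0" if m.group(1) == "0" else m.group(1),
                  value, flags=re.S)

if __name__ == "__main__":
    for text in ["I'm always here!", "C:\\temp"]:  # constructed inputs
        print("escaped :", real_escape(text))      # what the PHP side echoes
        print("stored  :", stored_value(text))     # what the table holds
        print("stripped:", stripslashes(stored_value(text)))  # data altered
```

With mysqli prepared statements and bound parameters (`prepare` / `bind_param`), the value travels separately from the SQL text, so no escaping step is involved at all.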

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
