0

read: \"you fail at life =]\" yuh
is being put into the database from a form submit. Obviously I don't want the backslashes. How do I keep the backslashes from being inserted into the MySQL db table?
My code is $code = mysql_real_escape_string($_POST['code']);
Then I insert it with a MySQL query. How do I make the backslashes disappear but still be safe from MySQL injections?

Edited by Reverend Jim: Fixed formatting

Last Post by somedude3488
0

The backslashes are what make the query safe from MySQL injections. They prevent the user from placing quotes that end a string into the query without being escaped (placing a backslash in front of the quote). To my best knowledge, the backslashes disappear when you perform a SELECT FROM MySQL query. If they don't, you could simply use the stripslashes() function to remove the backslashes:

//MySQL Code Here
$result_string = stripslashes($result_string);
0

OK, if I use stripslashes after the thing, does it mean I'm not safe from MySQL injections? Yeah, I've had them disappear too, but this one is not, so that's why I'm asking. I thought it was odd.

0

No, you don't use stripslashes() after you use mysql_real_escape_string(). You use it when you get the data back from the database. If you remove the backslashes, you are allowing a MySQL injection. You simply have to live with the backslashes, and then when you get one of the rows that is backslashed, you can use stripslashes to remove the backslashes. Here's an example:
insert.php

<?php
// Escape the submitted value before it is placed inside the quoted SQL string
mysql_query("INSERT INTO table (id, value) VALUES(NULL, '".mysql_real_escape_string($_POST['value'])."')");
?>

getValue.php

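<?php
// Keep the result handle so the rows can be fetched from it
$result = mysql_query("SELECT * FROM table");
while ($arr = mysql_fetch_array($result))
{
  // Strip the backslashes only on output
  echo "ID: ".$arr['id']." VALUE: ".stripslashes($arr['value'])."\n";
}
?>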
0

You can also do:

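$query = mysql_query("SELECT * FROM table");
// Fetch first, then strip: array_map() must not receive the false returned after the last row
while( $row = mysql_fetch_array( $query ) ) {
  $arr = array_map('stripslashes', $row);
  echo "ID: {$arr['id']} VALUE: {$arr['value']}\n";
}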
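A bound parameter is another way to get what the question asks for: the value is stored without backslashes, and quotes inside it cannot end the SQL string. This is an added example, not code from any poster in the thread; it assumes PHP with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so it runs offline), and the table, column and function names are hypothetical.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension;
// the comments table, body column and store_and_fetch() are hypothetical names.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Store a value through a bound parameter and return what the database holds.
function store_and_fetch(PDO $db, string $value): string
{
    $insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $insert->execute([':body' => $value]);

    $select = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $select->execute([':id' => $db->lastInsertId()]);
    return $select->fetchColumn();
}

// Constructed sample input, matching the text from the question.
$submitted = 'read: "you fail at life =]" yuh';

// 1. Raw input bound as a parameter: stored unchanged, no backslashes added.
$stored = store_and_fetch($db, $submitted);
var_dump($stored === $submitted);

// 2. Input that was already escaped once before it reached the query layer
//    (addslashes() simulates that here): the backslashes become stored data.
$stored = store_and_fetch($db, addslashes($submitted));
var_dump($stored);
var_dump(stripslashes($stored) === $submitted);

// 3. Constructed input containing quotes that would end a string literal:
//    as a bound parameter it is stored as plain text and the query is unchanged.
$quoted = "it's a 'quoted' value";
var_dump(store_and_fetch($db, $quoted) === $quoted);

// All three inserts produced exactly one row each.
var_dump((int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn());
```

Case 2 shows when stripslashes() on read is actually needed: only when the value was escaped an extra time before it was stored.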