Hi
I usually use mysql_real_escape_string($_POST['field']) to avoid SQL injection.
But this time the form inputs contain single quotes, and when I use mysql_real_escape_string it adds a lot of \\\ to the input. It causes problems. In addition, I noticed $_POST adds a \ before single quotes; maybe I don't need mysql_real_escape_string anymore?
Any idea?
Thanks in advance
Re: sql injection
No. You still need it.
What you don't need is the magic_quotes INI setting. Disable that.
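The double escaping from the question and the fix from the reply, as an added example that is not part of the original thread. The helper names and the sample input are made up for illustration, and `demo_escape()` is only a stand-in for `mysql_real_escape_string()` so the script runs without a database connection.

```php
<?php
// Added example; helper names are hypothetical and the input is constructed.

// magic_quotes_gpc applied the equivalent of addslashes() to every
// GET/POST/COOKIE value before the script saw it.
function with_magic_quotes($raw) {
    return addslashes($raw);
}

// Stand-in for mysql_real_escape_string($value, $link) so the demo needs no
// connection. Display only: never build real queries with addslashes().
function demo_escape($value) {
    return addslashes($value);
}

// True only on old servers where the setting is still on. The function was
// removed in PHP 8, hence the function_exists() guard.
function magic_quotes_enabled() {
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Give back the value as the user typed it, so it is escaped exactly once.
function normalize_input($value, $magicQuotesOn) {
    return $magicQuotesOn ? stripslashes($value) : $value;
}

$typed    = "O'Reilly";                 // constructed form input
$received = with_magic_quotes($typed);  // what $_POST holds with the setting on

// Broken: escaping a value that already carries magic-quotes backslashes.
$doubleEscaped = demo_escape($received);

// Fixed: undo magic quotes first (or disable the setting), then escape once.
$escapedOnce = demo_escape(normalize_input($received, true));

printf("typed by user        : %s\n", $typed);
printf("in \$_POST            : %s\n", $received);
printf("escaped twice        : %s\n", $doubleEscaped);
printf("normalized + escaped : %s\n", $escapedOnce);

// The database removes one level of escaping when it parses the literal,
// so the twice-escaped value is stored with a stray backslash.
printf("stored (broken)      : %s\n", stripslashes($doubleEscaped));
printf("stored (fixed)       : %s\n", stripslashes($escapedOnce));

// On a PHP 5.x server, with $link an open mysql connection:
// $field = mysql_real_escape_string(
//     normalize_input($_POST['field'], magic_quotes_enabled()), $link);
```

With `magic_quotes_gpc = Off` in php.ini, `normalize_input()` becomes a no-op and the single `mysql_real_escape_string()` call is the only escaping applied.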