mysql_real_escape_string problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
adsegzy
Forum Contributor
Posts: 184
Joined: Tue Jul 28, 2009 9:26 am

mysql_real_escape_string problem

Post by adsegzy »

Hello Friends,

am still having problem with mysql_real_escape_string in my forms. whether magic_quotes_gpc is On or Off, i still receive slashes in my entries. someone introduced this code

Code: Select all

mysql_real_escape_string(strip_tags($_POST['first_name']));
to me but stil end up in the same way. But i came up with the combination of these two

Code: Select all

$name2=stripslashes($_POST[name]);
$sname=mysql_real_escape_string($name2);
Pls can i use this or is there a better way of doing it?
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: mysql_real_escape_string problem

Post by AbraCadaver »

Your first bit of code is using strip_tags() not stripslashes(). Change it and it will work.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: mysql_real_escape_string problem

Post by pickle »

Code: Select all

$string = (magic_quotes_gpc()) ? stripslashes($_POST['first_name']) : $_POST['first_name'];
$db_safe_string = mysql_real_escape_string($string);
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply