Page 1 of 1

mysql_real_escape_string problem

Posted: Thu May 26, 2011 7:34 am
by adsegzy
Hello Friends,

am still having problem with mysql_real_escape_string in my forms. whether magic_quotes_gpc is On or Off, i still receive slashes in my entries. someone introduced this code

Code: Select all

mysql_real_escape_string(strip_tags($_POST['first_name']));
to me but stil end up in the same way. But i came up with the combination of these two

Code: Select all

$name2=stripslashes($_POST[name]);
$sname=mysql_real_escape_string($name2);
Pls can i use this or is there a better way of doing it?

Re: mysql_real_escape_string problem

Posted: Thu May 26, 2011 10:30 am
by AbraCadaver
Your first bit of code is using strip_tags() not stripslashes(). Change it and it will work.

Re: mysql_real_escape_string problem

Posted: Tue May 31, 2011 3:56 pm
by pickle

Code: Select all

$string = (magic_quotes_gpc()) ? stripslashes($_POST['first_name']) : $_POST['first_name'];
$db_safe_string = mysql_real_escape_string($string);