Using mysql_real_escape_string() on messages, they say \'
Posted: Sat Oct 13, 2007 1:53 am
In my game's private messaging system, I have an HTML form in which to enter a message, subject, and recipient (similar to phpBB). In the handler for it, I'm using mysql_real_escape_string() on the inputted data (including subject and message_text).
The problem is that whenever a user types a single quote ( ' ) in the message or text, it shows up with a backslash before it ( \' ).
Is there any way to fix that? What am I doing wrong here?
The handler code is basically like this (pseudo-code).. pretty simple:
Code:
$subject = mysql_real_escape_string($_POST['subject']);
$message_text = mysql_real_escape_string($_POST['message_text']);
mysql_query("INSERT INTO blah blah blah"); // inserting that data as a new entry in the database table
edit:
I think I found the solution, but I want to make sure this is right. Should I use stripslashes() on the message and subject data right before it's printed to the screen? That will remove all backslashes ( \ ), apparently. But that also means that the users can't type backslashes into their messages (should they ever find the reason to..). Is this the best way to go about it despite that?
edit 2:
I implemented the solution as explained in edit 1.. and it works without flaw! Backslashes and regular slashes both display properly, as does all the rest of the text.
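An added example, not part of the original post: it reproduces the stray backslash as double escaping and shows input normalisation plus a bound parameter as an alternative to stripslashes() on output. Assumptions: magic_quotes_gpc was enabled on the server (the PHP default at the time), addslashes() stands in for both escaping layers, the `messages` table and `undo_magic_quotes()` helper are hypothetical, and an in-memory SQLite database via pdo_sqlite stands in for MySQL.

```php
<?php
// Added illustration; not the poster's handler. Assumes magic_quotes_gpc was
// on, which ran addslashes() over $_POST before the script saw it.
$typed = "It's here: C:\\temp";   // constructed input: a quote and a backslash

$post    = addslashes($typed);    // layer 1: what magic quotes put in $_POST
$escaped = addslashes($post);     // layer 2: stand-in for
                                  // mysql_real_escape_string(), which adds the
                                  // same backslashes for ' and \

// The SQL parser consumes one layer when it reads the string literal, so the
// stored value still carries the magic-quotes layer.
$stored = stripslashes($escaped);
echo $stored, "\n";

// stripslashes() at display time hides the symptom for rows stored this way...
echo stripslashes($stored), "\n";
// ...but eats real backslashes in any row that was stored correctly.
echo stripslashes($typed), "\n";

// Alternative: undo magic quotes once at input, bind parameters instead of
// escaping by hand, and encode for HTML only at output.
function undo_magic_quotes($value, $magic_quotes_on)
{
    return $magic_quotes_on ? stripslashes($value) : $value;
}

$clean = undo_magic_quotes($post, true);   // exactly what the user typed

$pdo = new PDO('sqlite::memory:');         // assumption: pdo_sqlite is loaded
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (subject TEXT, message_text TEXT)');
$stmt = $pdo->prepare(
    'INSERT INTO messages (subject, message_text) VALUES (?, ?)'
);
$stmt->execute(array('hello', $clean));

// The stored text matches the typed text, so no stripslashes() is needed.
$row = $pdo->query('SELECT message_text FROM messages')->fetchColumn();
var_dump($row === $typed);
echo htmlspecialchars($row, ENT_QUOTES, 'UTF-8'), "\n";
```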