[nycphp-talk] SQL injection and stripslashes
Ken Robinson
kenrbnsn at rbnsn.com
Thu Aug 3 07:56:30 EDT 2006
At 07:47 AM 8/3/2006, Charles Collicutt wrote:
>Say I want to store a user's name in my database and their name contains
>an apostrophe, when I escape that string a backslash will be inserted
>before the apostrophe. Later, I need to pull that name out of the
>database for display (or use elsewhere in the script or something.) How
>do I get rid of the backslash without using stripslashes or something
>similar?
I have found that when I use the function mysql_real_escape_string()
instead of addslashes() the backslash is not stored in the database.
I also have magic_quotes_runtime disabled in php.ini.
Ken
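
Added example, not part of the original messages: a PHP sketch of why an escaped apostrophe comes back out of the database without a backslash, and how a value that is escaped twice ends up stored with one. mysql_literal_value() is a hypothetical helper that models MySQL's handling of a single-quoted literal under the default sql_mode; the name "O'Brien" and the double-escaping scenario are constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. mysql_literal_value() is a
// hypothetical helper that models how MySQL's parser (default sql_mode,
// backslash escapes on) turns a single-quoted literal into the stored value.
function mysql_literal_value(string $literal): string
{
    $end = strlen($literal) - 1;
    if ($end < 1 || $literal[0] !== "'" || $literal[$end] !== "'") {
        throw new InvalidArgumentException('not a single-quoted literal');
    }
    $special = ['0' => "\0", 'b' => "\x08", 'n' => "\n", 'r' => "\r",
                't' => "\t", 'Z' => "\x1a"];
    $out = '';
    for ($i = 1; $i < $end; $i++) {
        $c = $literal[$i];
        if ($c === '\\') {
            if (++$i >= $end) {
                throw new InvalidArgumentException('backslash escapes the closing quote');
            }
            $n = $literal[$i];
            // \% and \_ keep their backslash outside pattern matching.
            $out .= ($n === '%' || $n === '_') ? '\\' . $n : ($special[$n] ?? $n);
        } elseif ($c === "'") {
            // A doubled quote is one quote; a lone quote would end the literal.
            if ($i + 1 >= $end || $literal[$i + 1] !== "'") {
                throw new InvalidArgumentException('unescaped quote inside literal');
            }
            $out .= "'";
            $i++;
        } else {
            $out .= $c;
        }
    }
    return $out;
}

$name  = "O'Brien";              // constructed sample input
$once  = addslashes($name);      // escaped once, as the query needs
$twice = addslashes($once);      // assumed scenario: escaped a second time

$storedOnce  = mysql_literal_value("'" . $once . "'");
$storedTwice = mysql_literal_value("'" . $twice . "'");

printf("query literal: '%s'  stored: %s\n", $once, $storedOnce);
printf("query literal: '%s'  stored: %s\n", $twice, $storedTwice);

// Escaped once: the parser consumes the backslash, nothing to strip on read.
var_dump($storedOnce === $name);
// Escaped twice: one backslash survives into the stored value.
var_dump($storedTwice === "O\\'Brien");
```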