mysqli real escape string

2018-07-03 14:50:40

i'm escaping a string using the OOP method of mysqli_real_escape_string. i saved the input being entered into a session variable to make sure it's escaping correctly. it seems to be escaping correctly, but when i check what gets entered into the database i don't see the slashes before single and double quotes.

so in the browser i echo:

Array
(
    [formContent] => I'm always here!
)

but in the database i see:

I'm always here!

Does this mean there's something wrong with my code somewhere? Thanks!

No, it's normal. mysqli_real_escape_string automatically escape the single quote for you.

When you have the string,

I'm always here!

mysqli_real_escape_string processed it as

I'm always here!

so it will be saved on the database. That's how it works.

mysqli_real_escape_string — Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection

what it does it escape single quote (save from sql injection at some level)

hello 'world

mysqli_real_escape_string processed it as

hello 'world

you can use stripslashes to remove

链接地址: http://www.djcxy.com/p/93660.html

上一篇: PHP的pdo双引号也越来越逃脱

下一篇: mysqli真正的转义字符串