query to PDO causes unwanted escaping

2018-07-03 14:52:45

I have recently been switching all of my old mysql_query calls to PDO's. I've encountered an issue that wasn't present in the mysql_query configuration. When I try to input a variable into a database with quotations, It appears as escapes in my database. I have disables magic quotes in my php.ini file.

$myString = "Enter 'one' now";
$sql=$pdo->prepare("UPDATE $tbl_name SET string=:myString WHERE etc...);
$sql->execute(array(':myString' => $myString));

This updates to

Enter 'one' now

What I need is

Enter 'one' now

This wasn't happening before I switched to PDO. Is there a way around this without losing security?

Thanks!

You have magic quotes enabled on your server, the PHP documentation for it tells you various ways you can turn it off.

In regards to your comment: You can also try creating a php.ini file in your home directory with the following:

magic_quotes_gpc = off
magic_quotes_runtime = off
magic_quotes_sybase = off

If that doesn't work, then contact your host to address the issue.

链接地址: http://www.djcxy.com/p/93664.html

上一篇: 如何处理PHP和PDO中的用户文本输入？

下一篇: 查询到PDO导致不需要的转义