Broken links and styles on form post to MySQL, is it because of mysql_real_escape_string?


In order to keep safe, I was told to

use mysql_real_escape_string before sending to MySQL if it would be displayed.

Well, I do:

....

   // escape each posted value once before it goes into the query
   $b     = mysql_real_escape_string($b);
   $r_int = mysql_real_escape_string($r_int);
   $r_ext = mysql_real_escape_string($r_ext);

   $id_tmp = $_SESSION['id'];
   $insert = "INSERT INTO table (nombre, coment, iduser, fecha)
                           VALUES ('$b', '$r_int', '$id_tmp', NOW())";
....

But if those values contain any <a href="where">go</a>, it turns into <a href="\where\">go</a>

and... I can't go! Haha.

How can I solve this and keep safe?

Thank you!

2

There are 2 answers

0
rayman86 BEST ANSWER

The stripslashes function of PHP:

echo stripslashes($string);

takes out the slashes and displays it like it was originally.

1
Marc B

Sounds like you might have magic_quotes_gpc or one of its ilk turned on. Older PHP versions auto-escaped everything, so by calling mysql_real_escape_string() (as you should be), you actually added another layer of escaping.

The proper solution is to turn off magic quotes. They're deprecated and SHOULD be off, and you keep on using mysql_real_escape_string().

NOTE: Turning off magic_quotes has to be done from php.ini, or via a php_value in httpd.conf/.htaccess. You can't do it from an in-script ini_set(), because by the time that ini_set() executes, PHP has already done the magic quoting.
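The double-escaping Marc B describes, and a way to guarantee a value is escaped exactly once, as an added example that is not code from the question or from either answer. It assumes PHP 5.x (where get_magic_quotes_gpc() and the mysql_* extension still exist; both are gone in current PHP), a mysqli connection with assumed credentials, and the same table and column names as the question (with the table name backtick-quoted, since `table` is a reserved word in MySQL). The input string is constructed for the demonstration.

```php
<?php
// Added example, not part of the original question or answers.
// Assumes PHP 5.x and a mysqli connection; credentials below are placeholders.

// 1. Undo the magic_quotes_gpc layer if it is still on. The real fix is
//    magic_quotes_gpc = Off in php.ini, as the answer above says; this guard
//    only keeps a script correct while it may run under either setting.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return stripslashes($value);   // reverses the addslashes() PHP applied on arrival
}

if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_POST   = undo_magic_quotes($_POST);
    $_GET    = undo_magic_quotes($_GET);
    $_COOKIE = undo_magic_quotes($_COOKIE);
}

// 2. Show the two escaping layers on a constructed value. magic_quotes_gpc is
//    addslashes() on every request value; mysql_real_escape_string() escapes
//    the same quote and backslash characters again.
$b     = '<a href="where">go</a>';   // constructed sample: what the user typed
$once  = addslashes($b);             // after magic quotes:   <a href=\"where\">go</a>
$twice = addslashes($once);          // after escaping again: <a href=\\\"where\\\">go</a>

// MySQL strips one backslash layer when it parses the quoted literal, so the row
// stores $once, i.e. <a href=\"where\">go</a>: the broken link from the question.
// Escaped once, the stored value would be the original $b.

// 3. Insert with a prepared statement. The value travels as a bound parameter,
//    not as part of the SQL text, so no escaping is applied and none has to be
//    undone with stripslashes() when the row is read back.
$db = new mysqli('localhost', 'user', 'pass', 'dbname');   // assumed credentials
if ($db->connect_error) {
    die('connect failed: ' . $db->connect_error);
}

$r_int  = 'comment text';       // constructed sample values for the other columns
$id_tmp = 42;

$stmt = $db->prepare(
    'INSERT INTO `table` (nombre, coment, iduser, fecha) VALUES (?, ?, ?, NOW())'
);
$stmt->bind_param('ssi', $b, $r_int, $id_tmp);   // s = string, i = integer
$stmt->execute();
$stmt->close();
```

Reading the row back will return the exact string the user submitted. Note that if, as in the question, that string is raw HTML which the page then echoes, the stored markup is rendered unfiltered for every visitor; escaping for MySQL says nothing about whether the content is safe to display.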