
Stripping slashes from mysql_real_escape_string output in PHP

Developer https://www.devze.com 2023-02-15 05:44 Source: Internet
I have something like this: $foo = mysql_real_escape_string($_GET["t"]). Let's assume t = Stack's Overflow.

In this case, I echo $foo, and it would return something like Stack\\\'s Overflow. How do I stop this behavior and have $foo equal what it would be if I hadn't escaped it?

Even with strip_slashes() I still get one last slash.

This is how my string goes:

  1. Typed into search box
  2. Posts to a file where it is mysql_real_escape_string()'d
  3. Redirects to search?term=string
  4. mysql_real_escapes it again in case of $_GET manipulation
  5. Searches through database for that string. It is stored mysql_real_escape_string()'d from when it was created. So it would look like Stack\'s in the database.

The string gets all the way to the last page as Stack\'s (which is what it should be). However, the query returns no results like that, even though that's the exact way it looks in the database.

Edit:

Also, it screws up when it hits an ampersand. Like if I had t = Stack & Overflow then it would only store Stack in the variable $foo.


Either disable magic quotes or strip slashes from the GET variable before escaping it.


Assuming you have already disabled magic_quotes (as of PHP 5.2.0, default) it may simply be that you are escaping your output more than once.

It may help to just check for that, since the purpose of the function is to put, literally, the same data in the db, as you mean, rather than odd characters that will be misinterpreted on retrieval.
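
An added example, not code from the question or the answers: it reproduces the mismatch between a term escaped more than once and the value actually stored, then applies the first answer's fix of stripping the automatic slashes. It assumes the pdo_sqlite extension; the `posts` table and the helper names are hypothetical, `addslashes()` stands in for `mysql_real_escape_string()` (which needs a live MySQL connection), and the lookup uses a bound parameter instead of hand escaping.

```php
<?php
// Added illustration. Table name, helper names and sample input are constructed.

// Model of magic quotes: PHP itself backslash-escapes incoming GET/POST values.
function magic_quoted(string $value): string {
    return addslashes($value);
}

// First answer's advice: undo the automatic escaping before doing anything else.
function clean_input(string $value, bool $magicQuotesOn): string {
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Exact-match lookup. The term is bound as a parameter, so the driver handles
// quoting and the script never escapes it by hand.
function search(PDO $db, string $term): int {
    $stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE title = ?');
    $stmt->execute([$term]);
    return (int) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (title TEXT)');

$typed = "Stack's Overflow"; // constructed sample input, stored unescaped
$db->prepare('INSERT INTO posts (title) VALUES (?)')->execute([$typed]);

$request = magic_quoted($typed);        // what the script receives with magic quotes on
$twice   = addslashes($request);        // escaped again by the script itself
$clean   = clean_input($request, true); // automatic slashes removed

// Only the cleaned term equals the stored value, so only it finds the row.
printf("escaped twice : %-22s hits=%d\n", $twice, search($db, $twice));
printf("escaped once  : %-22s hits=%d\n", $request, search($db, $request));
printf("slashes undone: %-22s hits=%d\n", $clean, search($db, $clean));
```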
