mysql_real_escape_string() leaving slashes in MySQL

php mysql mysql-real-escape-string
Eric Lamb picture Eric Lamb · Oct 6, 2008 · Viewed 26.2k times · Source

I just moved to a new hosting company and now whenever a string gets escaped using:

mysql_real_escape_string($str);

the slashes remain in the database. This is the first time I've ever seen this happen so none of my scripts use

stripslashes()

anymore.

This is on a CentOS 4.5 64bit running php 5.2.6 as fastcgi on a lighttpd 1.4 server. I've ensured that all magic_quotes options are off and the mysql client api is 5.0.51a.

I have the same issue on all 6 of my webservers.

Any help would be appreciated.

Thanks.

Edit:

Magic Quotes isn't on. Please don't recommend turning it off. THIS IS NOT THE ISSUE.

Answer

Andy Lester picture Andy Lester · Oct 6, 2008

The host that you've moved probably has magic_quotes_runtime turned on. You can turn it off with set_magic_quotes_runtime(0).

Please turn off magic_quotes_runtime, and then change your code to use bind variables, rather than using the string escaping.

Related questions

Alternative to mysql_real_escape_string without connecting to DB

I'd like to have a function behaving as mysql_real_escape_string without connecting to database as at times I need to do dry testing without DB connection. mysql_escape_string is deprecated and therefore is undesirable. Some of my …

Read More
Should I use mysqli_real_escape string() or mysql_real_escape_string() for form data?

Possible Duplicate: mysql_escape_string VS mysql_real_escape_string I need to get company_name (given by user through a form) entered into my mysql database. When I use $company = mysqli_real_escape_string($_POST['company_name']) I get …

Read More
How to use mysql_real_escape_string function in PHP

So in this program I'm writing, I actually grab a SQL query from the user using a form. I then go on to run that query on my database. I know not to "trust" user input, so I want to …

Read More