MySQL and escaping strings

Forum Moderators: open

Message Too Old, No Replies

MySQL and escaping strings

How not to have to escape strings

sunroof

9:39 pm on Mar 11, 2008 (gmt 0)

Let's say I have input text field in HTML form called "text". When I fill in this text field with the sentence that contains apostrophe (') like "I'm happy" and submit it in mysql database via php, I get the following mysql error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'm happy'...

I know I can escape this string with mysql_real_escape_string() or addslashes(), but this query worked fine on my old server, and the data was entered in mysql table without any errors and without slashes.

How can I configure mysql or php on my new server so I don't have to have all strings escaped before inserting in mysql table?

sunroof

10:12 pm on Mar 11, 2008 (gmt 0)

I found out. Turn on magic_quotes_gpc in php.ini.

physics

10:13 pm on Mar 11, 2008 (gmt 0)

sunroof, this is more of a PHP issue.
You could change the magic_quotes_gpc setting
[us2.php.net...]
However, this is depreciated.
[us2.php.net...]
It would be better to use mysql_real_escape_string() when needed (possibly in a subroutine that you use for all insert statements).