mysql auto stripslashes when select contents from db?

Question

i'm in a strange situation, in my server when i insert string to DB with mysql_real_escape_string then i print it, everything is ok and looks like mysql make an auto stripslashes! for example i save tes't then print it: tes't but in my localhost with php 4.2 installed i give tes\'t with same code. whats mystery of mysql?? like to know how must insert and select data to db safe and clean, once forever! because it makes me really confuse!

Answer 1

You likely have magic quotes turned on. Rather than trying to work around this, you should just turn it off. If you don't have access to the server, you should still deal with it in a global manner. For example:

if ( ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) || ini_get('magic_quotes_sybase') ) {
    foreach ( $_POST as $k => $v ) { $_POST[$k] = stripslashes($v); }
    foreach ( $_GET as $k => $v ) { $_GET[$k] = stripslashes($v); }
    foreach ( $_COOKIE as $k => $v ) { $_COOKIE[$k] = stripslashes($v); }
}

Putting that at the beginning of your code makes sure magic quotes is dealt with on every occassion, meaning you won't have to keep track of where you have to deal with magic quotes.

More information in the notes here: http://www.php.net/manual/en/function.get-magic-quotes-gpc.php

Answer 2

It depends likely on PHP's magic quotes settings, more a PHP mystery than a MySQL mystery :) Instead of using mysql_real_escape_string(), you can use a more general function:

function escape($s)
{
    if (get_magic_quotes_gpc()) $s=stripslashes($s);
    return mysql_real_escape_string($s);
}

With this code you check whether the option is active and performs a first stripping.