\[code\]$str = 'BEGIN This is a "quote" test. \'Single\' END';echo $str . "\n";echo mysql_real_escape_string($str);// Outputs:BEGIN This is a "quote" test. 'Single' ENDBEGIN This is a \"quote\" test. \'Single\' END\[/code\]Running PHP 5.3.2 on CentOS. As far as I can remember, \[code\]mysql_real_escape_string()\[/code\] will only escape single quotes to prevent sql injections. Double quotes have nothing to do with that, because \[code\]"\[/code\] does not start or end a string literal in MySQL! This is causing backslashes to get inserted into the data! Something I clearly do not want.
Today, mysql_real_escape_string() is escaping single quotes AND double quotes
- Thread starter abuddedia
- Start date