Look at this example to see what I mean:
- Code: Select all
$db = //mysqli connection string here
$str = "this is' a string";
$str = mysqli_real_escape_string($db, $str);
echo $str; //outputs this is\' a string -- which is what should happen
mysqli_query($db, "INSERT INTO table (row) VALUES('$str')");
Now the data is put into the database, but when I look, the "\" is removed. I've tried this with mysql and mysqli, same thing for both. Also did a fresh install of XAMPP.