Hello, I am trying the understand how to save data in the mysql DB using regular experession and escapes. He is the flow: 1. Getting from the form a user name. Example: O'reiley 2. As magic_quotes_gpc is ON, the results gatheret by $_get is: O\'reiley. 3. I stripslash and now it is O'reiley. 4. I proceed regular expression checking no numeric or $ etc... are in the variable. (' is OK as it may come in reality) 5. I use mysql_real_escape_string with make the string O\'reiley. 6. I update the DB. Looking at the DB I see O'reiley (???!) Questions: - I would have expected that mysql_real_escape_string stores the escaped string in the DB. Does it means it processes to a stripslashes before storing ?
mysql_real_escape_string() makes your string query safe. In a way that no parse errors occur during the execution. Your string will be the same in your database as it was before applying mysql_real_escape_string().