Posted by Simon Harris on 03/23/07 22:33

> It's weird... if magic_quotes_runtime were on, that would be the cause.
> But if its off, I suppose that when you insert data into mysql using
> mysql_real_escape_string(), it's in fact quoted twice before inserting.
>
> Maybe you're inserting data that comes from GET/POST?
> If so, check also magic_quotes_gpc directive.

magic_quotes_gpc is on, and yes I am inserting data from a POST.

I take it from this there is a conflict when using
mysql_real_escape_string() together with magic_quotes_gpc, as I understand
it, my POST data is effectivley being double escaped?

I wish I could rememeber why I started using mysql_real_escape_string() in
the first place - There was something that wasn't working, but perhaps I
mis-diagnosed it, although mysql_real_escape_string() fixed the issue!

Thank you for your help - I will stop using mysql_real_escape_string() for
now and wait for the issue to reappear, then have a re-think. Although If I
am wrong in what I have posted above...Please do let me know!

Simon.

--------------------------------------------------------------------------------
I am using the free version of SPAMfighter for private users.
It has removed 5822 spam emails to date.
Paying users do not have this message in their emails.
Try SPAMfighter for free now!

[Back to original message]