问题描述

所以，当插入数据库时​​，我做： p>

  $ lname = mysql_real_escape_string（$ _ POST ['lname']）; 
  

然后我将$ lname插入数据库。

当它在数据库中时，它显示为O\Connor。

所以，如果我记得我的Web应用程序中的姓氏，我将必须使用：

  $ lname = stripslashes（$ r [lname]）; 
  

这一切似乎都可以正常工作。但是，我有一个搜索功能，将搜索姓氏并显示结果。当我搜索时，我必须搜索O\Connor才能获得任何结果。

在我搜索后，文本框会自动存储刚刚搜索（使用会话）。所以我的代码是这样的：

  $ search = mysql_real_escape_string（$ _ GET ['search']）; 
 $ _SESSION ['search'] = $ search; 
  

像我之前说过的，当我搜索时，我必须使用O\'Connor然后在我搜索后，文本框中的值将变为O\\\\\'Connor

试图弄清楚它是令人沮丧的。有谁知道我做错了什么？谢谢！

编辑：

这是我的php5.ini文件，涉及魔术引号：

 ;魔术报价
; 
 
;传入GET / POST / Cookie数据的魔术报价。 
 magic_quotes_gpc = On 
 
;运行时生成数据的魔术报价，例如来自SQL的数据，来自exec（）等。
 magic_quotes_runtime = Off 
 
;使用Sybase风格的魔术引号（用''替代\'来转义'）。 
 magic_quotes_sybase = Off 
  

但是，我的网站托管在GoDaddy上，我没有编辑文件的权限：（

这听起来像。

检查是否实际启用：

  echo get_magic_quotes_gpc（）; 
  

，请编辑您的php.ini文件：

 ;魔术报价
; 
 
;传入GET / POST / Cookie数据的魔术报价。 
 magic_quotes_gpc = Off 
 
;运行时生成数据的魔术引用，例如来自exec（）等的SQL数据。
 magic_quotes_runtime = Off 
 
;使用Sybase风格的魔术引号（用''代替\'转义'）
 magic_quotes_sybase = Off 
  

或将此行添加到.htaccess：

  php_flag magic_quotes_gpc Off 
  

I'm quite frustrated. I want to be able to insert into my database names with single quotes - for example, O'Connor.

So, when inserting into the DB, I do:

 $lname = mysql_real_escape_string($_POST['lname']);

And then I insert $lname into the DB.

When it's in the DB, it appears as O\'Connor.

So, if I were to recall that last name in my web application, I will have to use:

 $lname = stripslashes($r["lname"]);

This all seems to work fine. However, I have a search function which will search for last names and display the results. When I search, I have to search for O\'Connor in order to get any results.

You see, after I search, the textbox automatically stores the value of what was just searched for (using sessions). So my code is this:

 $search = mysql_real_escape_string($_GET['search']);
 $_SESSION['search'] = $search;

Like I said before, when I search, I have to use "O\'Connor", and then after I search, the value in the textbox becomes "O\\\\'Connor"

It's been frustrating trying to figure this out. Does anyone know what I'm doing wrong? Thanks!

EDIT:

Here is my php5.ini file, regarding magic quotes:

 ; Magic quotes
 ;

 ; Magic quotes for incoming GET/POST/Cookie data.
 magic_quotes_gpc = On

 ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
 magic_quotes_runtime = Off

 ; Use Sybase-style magic quotes (escape ' with '' instead of \').
 magic_quotes_sybase = Off

However, my site is hosted on GoDaddy, and I do not have permissions to edit the file :(

It sounds like Magic Quotes are enabled in your PHP configuration.

To check if it's actually enabled:

echo get_magic_quotes_gpc();

To disable, edit your php.ini file:

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

Or add this line to your .htaccess:

php_flag magic_quotes_gpc Off

这篇关于mysql_real_escape_string和单引号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！