i use mysql_real_escape_string php function for escape data recieved from a form. my code for recieve form data is :
$std_id = mysql_real_escape_string($_POST['std_id']);
$name = mysql_real_escape_string($_POST['name']);
$family = mysql_real_escape_string($_POST['family']);
for example if enter O'reilly string in name form field , this function work fine and my query done too.but when i go to mysql and my table , see that this string is inserted like O'reilly and not O\'reilly. my query is :
$sql = "insert into student set
std_id = $std_id,
name = '$name',
family = '$family',
";
this happens when use addslashes() function too.