I am running PHP 5.5.9.
I am POSTing the following text to a PHP script that will insert it into the field of a MySQL table.
This is becoming quite a nuisance ' and why is that
I am using the following code to assign POSTed data to a variable (plus debugging code):
$ITEMDESC2 = $_POST['ITEMDESC'];
$ITEMDESC = mysqli_real_escape_string($conn1, $ITEMDESC2);
error_log("ITEMDESC: $ITEMDESC ITEMDESC2: $ITEMDESC2");
The following appears in my Apache log file:
ITEMDESC: This is becoming quite a nuisance \\' and why is that
ITEMDESC2: This is becoming quite a nuisance ' and why is that
Why is $ITEMDESC being escaped with double backslashes, instead of single backslashes?
I have read that this can be caused by magic_quotes, but as I understand it, they were removed in PHP 5.4.
Any insight into this would be welcome.
Edit: Adding a more complete, working example as requested.
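<?php
// Connect to MySQL. "new mysqli" always returns an object, so test
// connect_error rather than relying on "or die".
$conn1 = new mysqli('localhost', 'USER', 'PASSWORD', 'DB');
if ($conn1->connect_error) {
    die('Cannot connect to db');
}
// Original text and its escaped form.
$ITEMDESC = "This is Bob's Text";
$ITEMDESC2 = mysqli_real_escape_string($conn1, $ITEMDESC);
// The statement is only built for display here; it is never executed.
$SQL = "insert into table (description) values ('{$ITEMDESC2}');";
// Same three values sent to the browser ...
echo "<br>ITEMDESC: {$ITEMDESC}";
echo "<br>ITEMDESC2: {$ITEMDESC2}";
echo "<br>SQL: {$SQL}";
// ... and to the web server's error log.
error_log("ITEMDESC: {$ITEMDESC}");
error_log("ITEMDESC2: {$ITEMDESC2}");
error_log("SQL: {$SQL}");
?>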
apache2 error log contains:
ITEMDESC: This is Bob's Text
ITEMDESC2: This is Bob\\'s Text
SQL: insert into table (description) values ('This is Bob\\'s Text');
browser output (on-screen):
ITEMDESC: This is Bob's Text
ITEMDESC2: This is Bob\'s Text
SQL: insert into table (description) values ('This is Bob\'s Text');
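An added example, not part of the original post: it logs each value as a byte length plus hex, so the exact bytes can be read no matter how a log writer or a browser renders backslashes, and it goes beyond the post by inserting the text through a bound parameter instead of mysqli_real_escape_string. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs without a server, and the `items` table and the helper function names are hypothetical.

```php
<?php
// Added example, not the poster's code. SQLite in-memory (pdo_sqlite) stands in
// for MySQL so the script runs without a server; table and helper names are made up.

// Log a value in a form no log writer can alter: byte length plus hex dump.
function log_exact($label, $value)
{
    $line = sprintf('%s len=%d hex=%s', $label, strlen($value), bin2hex($value));
    error_log($line);
    return $line;
}

// Insert through a bound parameter: the driver carries the value separately
// from the SQL text, so the quote needs no backslash at all.
function insert_description(PDO $db, $text)
{
    $stmt = $db->prepare('INSERT INTO items (description) VALUES (:d)');
    $stmt->execute(array(':d' => $text));
    return (int) $db->lastInsertId();
}

// Read the stored value back so it can be compared with the input.
function fetch_description(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT description FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, description TEXT)');

$input  = "This is Bob's Text";   // constructed sample, same text as in the post
$id     = insert_description($db, $input);
$stored = fetch_description($db, $id);

log_exact('input ', $input);
log_exact('stored', $stored);

// Count backslashes directly instead of reading them off a log or a browser.
printf("backslashes in stored value: %d\n", substr_count($stored, '\\'));
printf("round trip identical: %s\n", $stored === $input ? 'yes' : 'no');
```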