Hello and thanks in advance.
I am retrieving data from the db. The data already went through mysql_real_escape_string when it was added to the db.
Once retrieved I am comparing it to a raw variable and depending upon the result I may be re-inserting the original db data back into the db into another, different, field.
My question is, do I have to use mysql_real_escape_string on this data I got from the database?
I think yes as the data could contain characters that need to be escaped and I think the backslashes are not stored in the db.
My code is:
if(isset($row['location_uri']) && $row['location_uri'] != $location_uri)
{
$session_previous_page = $row['previous_page_uri'];
}
else
{
$session_previous_page = $row['location_uri'];
}
Also, should I do anything with the db data before I compare it to the raw data, say from $_SERVER['REQUEST_URI']?
thanks for any help you can give.
