Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

reverse mysql_real_escape_string

Tags:

php

mysql

I have a piece of data that is large and will probably contain quotes and double quotes.

I'm using mysql_real_escape_string() to store it safely.

When I pull it out to look at it, all the quotes are escaped. I tried using str_replace to just get rid of all the quotes, but that turns \r\n's into rn. :(

How can I reverse it so the data comes back out the way it went in?

like image 535
Ryan Avatar asked Jul 23 '09 11:07

Ryan


People also ask

Is mysql_real_escape_string deprecated?

This extension was deprecated in PHP 5.5. 0, and it was removed in PHP 7.0.

What is the use of mysql_real_escape_string () function?

The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.

Does mysql_real_escape_string prevent SQL injection?

mysql_real_escape_string ALONE can prevent nothing. Moreover, this function has nothing to do with injections at all. Whenever you need escaping, you need it despite of "security", but just because it is required by SQL syntax. And where you don't need it, escaping won't help you even a bit.

Why does mysql_real_escape_string need a connection?

mysql_real_escape_string() and prepared statements need a connection to the database so that they can escape the string using the appropriate character set - otherwise SQL injection attacks are still possible using multi-byte characters.


2 Answers

Who says?

$keyword = "TEST'TEST";

$result1 = mysql_real_escape_string($keyword);
echo $result1 --> TEST\'TEST

$result2 = nl2br(stripslashes($result));
echo $result2 --> TEST'TEST
like image 92
jonathan Avatar answered Oct 12 '22 14:10

jonathan


Do you use magic quotes?

Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function [mysql_real_escape_string] on data which has already been escaped will escape the data twice.

like image 24
OIS Avatar answered Oct 12 '22 13:10

OIS