-1

Correct my if I'm wrong, but I thought mysql_real_escape_string was supposed to place escape characters in front of character like (') and ("). The simple setup that I am using is below. I was expecting to see the new record created with backslashes before the above mentioned characters when viewed in phpMyAdmin but the escape characters are not present. 

$text           = mysql_real_escape_string($_POST['text']);
$detailedText           = mysql_real_escape_string($_POST['detailedText']);
$type           = mysql_real_escape_string($_POST['type']);
$image          = mysql_real_escape_string($_POST['image']);
?>
<script> alert("<?php echo $text ?>");</script>

<?php
    $result = mysql_query(
        "INSERT INTO nodes (text, detailedText, type, image) 
        VALUES ('". $text . "','" . $detailedText . "','" . $type . "','" . $image . "')");  
    mysql_close($conn);
?>
John R
  • 2,920
  • 13
  • 48
  • 62

1 Answers1

2

with mysql_real_escape_string Those escape character are not stored into database

Shakti Singh
  • 84,385
  • 21
  • 134
  • 153
  • I am not seeing them in the alert prompt either. Should I see them in the alert prompt? – John R Jun 22 '11 at 05:21
  • 2
    @JohnR: Backslashes are escape characters in javascript too :) So no you would not see them in the alert. Try looking at the source code and you should see them. – Wesley Murch Jun 22 '11 at 05:23
  • @Wesley Murch, I see them in the source code, thanks for the tip. – John R Jun 22 '11 at 05:39