I am trying to insert a product name and description with single quotes (Men's Shirt) and backslashes (shirt size M \ 38 ) into my table. Here is my code
<?php
require 'connection.php';
// Usually I populate these values from POST
$s_no=1;
$prod_name = "Men's Shirt";
$prod_desc = "High quality Men's shirt size M \ 38";
$safe_prod_name = mysqli_real_escape_string($connect,$prod_name);
$safe_prod_desc = mysqli_real_escape_string($connect,$prod_desc);
$insert = "INSERT INTO `test`(`s_no`, `product_name`, `product_desc`) VALUES (?,?,?);";
$query = mysqli_stmt_init($connect);
if (!mysqli_stmt_prepare($query, $insert)) {
header("Location: test.php?error=DBINSERTError");
exit();
} else {
mysqli_stmt_bind_param($query, "iss",$s_no , $safe_prod_name, $safe_prod_desc);
mysqli_stmt_execute($query);
}
?>
After inserting, data in the table looks like this
+------+--------------+----------------------------------------+
| s_no | product_name | product_desc |
+------+--------------+----------------------------------------+
| 1 | Men\'s Shirt | High quality Men\'s shirt size M \\ 38 |
+------+--------------+----------------------------------------+
I saw many SO posts, and many suggest using stripslashes() and checking whether magicquotes are turned off. I have also added php_flag magic_quotes_gpc Off in .htaccess file to ensure that. But still this backslash is getting inserted into the table. I cannot use stripslashes while retrieving because "High quality Men's shirt size M \ 38" will become "High quality Men's shirt size M 38 ".
kindly suggest to overcome this issue.
