I'm really confused here, can someone explain this to me?
request:
http://example.com/test.php?var=String's
$a = $_GET["var"];
$b = "String's";
echo $a . "<br/>";
echo $b . "<br/>";
$output = mysql_real_escape_string($a);
$output = mysql_real_escape_string($b);
echo "<hr/>";
echo $a . "<br/>";
echo $b . "<br/>";
result:
String\'s
String's
----------------
String\'s
String's
Could someone explain to me not only why my GET variable is being transformed like this, but how I can remove this behavior such that my input is exactly as it was sent? I'm having an issue where my SQL wrapper passes this through mysql_real_escape_string() and ends up being String\\\'s :(
It's called "magic quotes".