I still get unescaped " in my DB. Here is my code:
$connection=mysql_connect ('localhost', $username, $password);
if (!$connection) {
die('Not connected : ' . mysql_error());
}
$name = mysql_real_escape_string($name);
$address = mysql_real_escape_string($address);
$number = mysql_real_escape_string($number);
mysql_query("INSERT INTO people (name, area, phone)
VALUES ('$name', '$address', '$number')");
}
What's wrong here?
What's wrong here?
Probably nothing. mysql_real_escape_string() escapes string data for the time of insertion only. That the data looks unchanged once it is inside the database is how it's meant to be.
Your code looks fine (except that you're not checking the query for errors, which you want to do so you can debug problems.)