I enter this into my form field: O'mally
I run this code on the text:
foreach($_POST as $key=>$value){
$form[$key] = mysql_real_escape_string($value); //Escape input.
}
The POST output is: O'mally
The output of the $form variable after running the code listed above is: O\'mally
The query is:
mysql_query("insert into tbl_test
(lastName)
values
('{$form['lastName']}')")
The database gets O\'mally inserted into it (I want O'mally to be inserted, not WITH the escape).
What am I doing wrong here?
I have confirmed that magic quotes is OFF via phpinfo(). Thanks.
When you need to output O'mally from database to browser, just use stripslashes() function.