I have something like this: $foo = mysql_real_escape_string($_GET["t"]). Let's assume t = Stack's Overflow.
In this case, I echo $foo, and it would return something like Stack\\\'s Overflow. How do I stop this behavior and have $foo equal what it would be if I hadn't escaped it?
Even with strip_slashes() I still get one last slash.
This is how my string goes:
- Typed into search box
- Posts to a file where it is mysql_real_escape_string()'d
- Redirects to search?term=string
- mysql_real_escapes it again in case of $_GET manipulation
- Searches through database for that string. It is stored mysql_real_escape_string()'d from when it was created. So it would look like
Stack\'sin the database.
The string gets all the way to the last page as Stack\'s (which is what it should be). However, the query returns no results like that, even though that's the exact way it looks in the database.
Edit:
Also, it screws up when it hits an ampersand. Like if I had t = Stack & Overflow then it would only store Stack in the variable $foo.
mysql_real_escape_string? Just store a non-escaped version of the value in another variable~stripslashes(stripslashes($str))?