In PHP, I am escaping characters before insert in a MySQL database using mysql_real_escape_string
$array_to_insert = array_map('mysql_real_escape_string', $my_arr);
$mysql->setTbl("mytable");
$id = $mysql->insertArray($array_to_insert);
When saving, double quotes are being saved as escaped with a . I do not want this, since some of the data is HTML and it may contain tags like <a href="www.stackoverflow.com"> etc, which will be saved as <a href="www.stackoverflow.com"> and then displayed incorrectly in a WordPress setup.
I have read elsewhere on stackoverflow that to avoid escaping the double quotes, one must first insert (as above) then select and insert into a table again.
Is there a way to solve this issue without having to select and re-insert?
Thanks
(note: the database I am using is in utf-8 format)
Your server may have magic_quotes enabled. Check it with
Otherwise, it’s probably something you are doing beforehand or that your db library is doing.
mysql_real_escape_stringonly escapes the string so that it is safe to use in a SQL query. It can’t help if the string is already escaped to begin with.You could always strip slashes on the way out using http://php.net/manual/en/function.stripslashes.php
for instance:
alternatively, just remove all escaped double quotes: