I think 90% of people seem to be confused about doing stripslashes. When you enter data into MySQL with a query it does have to have slashes. If the data has come from a form and you've got magic quotes OFF then add them with addslashes, or mysql_escape_string. If it's ON and you're adding no other data that has special characters there's no need to do it.
And here's the main thing: you DON'T have to do stripslashes on data coming from the database UNLESS magic_quotes_runtime is set on in php.ini. Everyone seems to think you have to do stripslashes on data from queries, and it's just not the case.
get_magic_quotes_gpc() will return 1 if your form data is already slashed, and get_magic_quotes_runtime() will tell you if your database data is slashed.
Quotes need to go around character fields for inserts or updates, so:
$q="INSERT INTO mytable (name,surname,age) VALUES ('Tom','Cobbly',25)";
Which wouldn't actually put the quotes in the database, just Tom. This would make the name Tom have quotes around it in the database:
$q="INSERT INTO mytable (name,surname,age) VALUES ('\'Tom\'','Cobbly',25)";
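
Added example, not part of the original post: it round-trips the post's Tom/Cobbly row through an in-memory SQLite table using PDO placeholders (swapped in here for addslashes/mysql_escape_string) to show that escaping belongs to the query text, not the stored value, and that rows read back need no stripslashes. The helper names raw_input_value and round_trip and the sample values are assumptions.

```php
<?php
// Added example; table and column names follow the post, sample values are constructed.

// Undo magic-quotes slashing when an old PHP applied it (the function is gone in PHP 8).
// In a real handler this would wrap $_POST / $_GET values.
function raw_input_value(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

function round_trip(PDO $db, string $name, string $surname, int $age): array
{
    // Placeholders keep the data out of the SQL text, so no manual slashing is needed.
    $ins = $db->prepare('INSERT INTO mytable (name, surname, age) VALUES (?, ?, ?)');
    $ins->execute([$name, $surname, $age]);

    $sel = $db->prepare('SELECT name, surname, age FROM mytable WHERE rowid = ?');
    $sel->execute([$db->lastInsertId()]);
    return $sel->fetch(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mytable (name TEXT, surname TEXT, age INTEGER)');

// Constructed form values, as they would arrive with magic quotes OFF.
$samples = [
    ["Tom", "Cobbly", 25],
    ["'Tom'", "O'Brien", 25],       // quotes that are part of the data
    ["back\\slash", "Cobbly", 30],  // a literal backslash in the data
];

foreach ($samples as [$name, $surname, $age]) {
    $row = round_trip($db, raw_input_value($name), raw_input_value($surname), $age);
    // First check: what comes back is exactly what went in, with no stripslashes().
    var_dump($row['name'] === $name && $row['surname'] === $surname);
    // Second check: would stripslashes() on the fetched value leave it unchanged?
    var_dump(stripslashes($row['name']) === $row['name']);
}
```

The second check fails only for the value containing a real backslash, which is the case where an unnecessary stripslashes on database output damages the data.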