I am using mysql_real_escape_string for the input of a form before it
is updated into the mysql database. Somthing like this:
$realHTMLText = mysql_real_escape_string($_POST["NewsHTML"]);
$id = intval($_POST['ID']);
$UpdateString = "UPDATE table SET Content = '$realHTMLText' where ID
= $id";
This is on a form that allows you to edit the textarea. The problem I
am running into is that it keeps adding more slashes every time it is
updated so the data database field looks something like this:
\\\\\\\\\\\"Hello, this is some text.\\\\\\\\\\\"
Each time i run the code it adds more slasshes. Is there a way to keep
it from doing that while still protecting from sql injection?
Thanks for your time!