I am using mysqli_real_escape_string in php to escape content before putting it into the db. But I am worried that I might escape some valid email, and therefore a person would not be able to log in because their email is not represented properly in the db. Has anyone encountered a problem like this? Will any valid emails suffer from escaping problem?
It doesnt modify the value per se.
Essentially it converts it so that it can be put safely into a query. But that conversion makes the database see the varible as you would if you echo it, for example. The escaping just modifies a variable so that it cannot run a command.
You can see what I mean by creating a variable with quotes in, echoing it. Escape it, echo it. You'll see its changed such that the quote s have backslashes preceding them. then run a select query selecting just that string. The return will be your inital variable.
So to answer your question - I dont believe there is any string that, after escaping with mysql real escape string and inserting into the database, has a different value from your starting string.
Thanks, that explanation helped a great deal.
This topic is now closed. New replies are no longer allowed.