OK, somewhere this has been answered but my searching was not fruitful in finding it and I am new at the SQL injection stuff.
I have a form where a user inputs some information. After the user clicks Submit, the form info is then checked for injection attacks as follows (there are 15 data inputs and this is the same way but only showing one):
$variable1= mysqli_real_escape_string(htmlspecialchars($_POST['variable1']));
All goes OK as the check passes and the data is inserted into MySQL database. The hope is that if the user entered “another’s information” (with the apostrophe) that the database entry would be “another\'s information” and is does show that way
Now, I want to retrieve that data onto a webpage but do NOT want the slashes in it to show. I am not sure how to write the select statement to possibly use stripslashes or is there another/better way to do this?
BTW, my provider is using PHP 5.2 but said I could upgrade to their 5.4 area if I want so would like to make this work at both levels.
Thanks
E