Msg#: 4452537 posted 2:27 pm on May 12, 2012 (gmt 0)
No - the backslashes won't be in the database. You don't want them there anyways.
What you should have in your database is perfect, clean, raw and unslashed data. So if you decide to use that data you don't have to "unslash" it, unencode it, or anything like that.
What mysql_real_escape_string() does is add slashes to a string for inclusion in a SQL query, in case the string has quotes in it. It escapes the data so it can be enclosed in quotes without any funny things happening.
$query = "UPDATE table SET field = '" . $name . "'";
If $name has an apostrophe in it, the query will become:
UPDATE table SET field = 'O'Reilly'
See the problem there? SQL is going to hate that. And it's a SQL injection vulnerability.
If you use mysql_real_escape_string():
$query = "UPDATE table SET field = '" . mysql_real_escape_string($name) . "'";
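The point of the post above, as an added example that is not part of the original post: escaping only affects the query text, and the value that lands in the database is the raw string. It assumes PDO with an in-memory SQLite database so it runs offline (the post uses the mysql_* functions, and SQLite escapes by doubling the apostrophe rather than adding a backslash); the table `people` and column `name` are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumption: PDO + in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');

$name = "O'Reilly"; // constructed sample input containing an apostrophe

// 1) Plain concatenation: the apostrophe closes the string literal early,
//    so the statement is malformed and the driver rejects it.
function insertUnescaped(PDO $pdo, string $name): bool
{
    try {
        $pdo->exec("INSERT INTO people (name) VALUES ('" . $name . "')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// 2) Escaped concatenation: PDO::quote() escapes the value for this driver
//    and wraps it in quotes. Returns the SQL text that was executed.
function insertQuoted(PDO $pdo, string $name): string
{
    $sql = 'INSERT INTO people (name) VALUES (' . $pdo->quote($name) . ')';
    $pdo->exec($sql);
    return $sql;
}

// 3) Prepared statement: the value travels separately from the SQL text,
//    so no escaping step is needed at all.
function insertPrepared(PDO $pdo, string $name): void
{
    $stmt = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

echo 'unescaped insert succeeded: ';
var_dump(insertUnescaped($pdo, $name));
echo 'escaped query text: ', insertQuoted($pdo, $name), "\n";
insertPrepared($pdo, $name);

// Read back what was stored: both rows hold the original string,
// with no escape characters added.
foreach ($pdo->query('SELECT id, name FROM people') as $row) {
    echo 'stored row ', $row['id'], ': ', $row['name'], "\n";
}
```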