Remove escaped characters

Okay, so say I have some user input that selects something from a mysql database.

I want to be safe from mysql injection so in order to do so I'd use the mysql_real_escape_string() function. But after that, I want the quote or whatever is bad from my string out of the variable completely.

EXAMPLE- :

my title variable = Herp'
escape with mysql_real_escape_string()....
then my variable = Herp\' 

Now, I want the bad quote out of there. So, I want to remove the backslash & character after the backslash.. so it looks like 'Herp'.

How would I do that?

Sorry if that's confusing.


If you just want to filter out quotes instead of escaping them, simply try

$myTitleVar = str_replace(array("'", '"'), '', $myTitleVar);

Before inserting it into the DB, I'd still recommend running it through mysql_real_escape_string() or even better, use PDO and parameter binding.
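
The parameter binding recommended above, as an added example that is not part of the original answer: with a bound parameter the title `Herp'` is stored and matched unchanged, so there is nothing to escape or strip. The `posts` table and the sample titles are constructed, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table name, columns and sample titles are constructed.
// SQLite in-memory stands in for MySQL; with a MySQL DSN you would also set
// PDO::ATTR_EMULATE_PREPARES to false to get server-side prepared statements.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Insert a title. The value travels as data, separate from the SQL text,
// so quotes in it never become part of the statement.
function addPost(PDO $pdo, string $title): void
{
    $stmt = $pdo->prepare('INSERT INTO posts (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
}

// Look up rows by exact title using a bound parameter.
function findByTitle(PDO $pdo, string $title): array
{
    $stmt = $pdo->prepare('SELECT id, title FROM posts WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

addPost($pdo, "Herp'");   // the title from the question, quote included
addPost($pdo, 'Derp');

// The quote is preserved exactly as the user typed it.
var_dump(findByTitle($pdo, "Herp'"));

// Input containing quote characters and SQL keywords is compared as a
// literal title; it cannot change the structure of the WHERE clause.
var_dump(findByTitle($pdo, "x' OR '1'='1"));

// Filtering quotes instead, as with str_replace(), alters the stored data:
// the filtered value no longer equals what the user entered.
$filtered = str_replace(array("'", '"'), '', "Herp'");
var_dump($filtered === "Herp'");
```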


use stripslashes

but I would dig into why that is happening. Check your magic quotes settings. For safety reasons it is good to have them set to off.
