apostrophe in the database
#1

[eluser]Unknown[/eluser]
Hi all, I have a problem:

I need my application to save names like "Chicho's bar", but when I use

$this->db->query() or $this->db->update()

this is stored in the database with a slash, like this "Chichos\'s bar"
and I don't wanna use stripslashes every time I get results :S

So, how can I disable this?

Pls help me!!

Thanks :D
#2

[eluser]SPeed_FANat1c[/eluser]
I am not an expert, but I guess it isn't possible to save it without \ before ', because in the SQL line it will then "think" that you want to write a string, and when it sees \ before ', then SQL does not think that it is a string. I don't know how to explain it better :D
#3

[eluser]smilie[/eluser]
What speed fanatic means is the following:

In case CI (db->update) does not escape the query, you would get:

UPDATE some_table SET some_field = 'Chicho's Bar';

which would result in a MySQL error. This is one of the reasons. Another reason is that if you do not escape user input, you will remain vulnerable to so-called MySQL injection attacks.

Cheers,
Smilie
#4

[eluser]takasia[/eluser]
$config['global_xss_filtering'] = TRUE; in your config file should do the trick.
#5

[eluser]Atharva[/eluser]
Try PHP's native
Code:
mysql_real_escape_string()
before insert/update.
#6

[eluser]Unknown[/eluser]
OK, thanks all, I'll try your answers.

Cheers,
Smilie
#7

[eluser]liquidfire[/eluser]
Also, you may want to convert any special characters into their proper ASCII code ' the apostrophe
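
Added example, not part of any post in this thread and not CodeIgniter's own code: a self-contained PHP/PDO script showing that a value escaped exactly once (here by a bound parameter) is stored without a backslash, while a value that was already escaped before reaching the database layer is stored with one. It assumes the backslash described in post #1 comes from such a second escaping step, which the thread does not confirm; the SQLite in-memory database, the `bars` table and the helpers `save_name()` / `load_name()` are hypothetical.

```php
<?php
// Added example: SQLite in memory via PDO so it runs offline.
// Table name, column name and helper names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bars (id INTEGER PRIMARY KEY, name TEXT)');

function save_name(PDO $pdo, string $name): int
{
    // Bound parameter: the value travels separately from the SQL text,
    // so an apostrophe cannot terminate the string literal.
    $stmt = $pdo->prepare('INSERT INTO bars (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function load_name(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name FROM bars WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$input = "Chicho's bar"; // constructed sample input

// Case 1: raw value, protected exactly once by the binding layer.
$once = save_name($pdo, $input);

// Case 2: value escaped beforehand (addslashes() stands in for any earlier
// escaping step), then passed to a layer that protects it again.
$twice = save_name($pdo, addslashes($input));

// Case 3: a value that tries to break out of the quotes is stored as data.
$quoted = "x' OR '1'='1"; // constructed sample input
$third = save_name($pdo, $quoted);

printf("escaped once : %s\n", load_name($pdo, $once));
printf("escaped twice: %s\n", load_name($pdo, $twice));
printf("round trip ok: %s\n", load_name($pdo, $third) === $quoted ? 'yes' : 'no');
printf("rows in table: %d\n", $pdo->query('SELECT COUNT(*) FROM bars')->fetchColumn());
```

Only the second row comes back containing a backslash, so reading data needs no stripslashes() when the value is escaped or bound a single time at the database layer.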



