mysqli_prepared_statement escapes single and double quotes?
I am using mysqli prepared statements to insert into the database as follows:
    // insert the poll
    $stmnt_insert_poll = mysqli_prepare($con, 'INSERT INTO `tblpolls`
        (`poll_user_id`, `poll_type_id`, `poll_title`, `poll_details`,
        `poll_img`) VALUES (?, ?, ?, ?, ?);');
    // type string: d = double, s = string (one letter per placeholder)
    mysqli_stmt_bind_param($stmnt_insert_poll, 'ddsss',
        $_SESSION['userid'], $_POST['cbotypes'], $_POST['txttitle'],
        $_POST['txtdetails'], $new_image_name);
    if (!mysqli_stmt_execute($stmnt_insert_poll))
    {
        $query_success = false;
    }
    // id generated for the row that was just inserted
    $new_poll_id = mysqli_stmt_insert_id($stmnt_insert_poll);
    mysqli_stmt_close($stmnt_insert_poll);
I disabled Magic quotes from WHM cPanel but it still adds backslashes to the
single and double quotes. The odd thing is that I still see
"magic_quotes_gpc-On-On" in phpinfo().
I DO NOT WANT TO escape the double quotes only but it shows the
backslashes when trying to select it and view it again.
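
An added example, not part of the original post: with `magic_quotes_gpc` On, PHP applies addslashes()-style escaping to request data before the script runs, and a bound parameter is sent as data, so those backslashes are stored literally. The sketch below reproduces that on a constructed string and undoes it once per request; the helper names `undo_magic_quotes` and `magic_quotes_active` are hypothetical, and the sample values are constructed.

```php
<?php
// Added example (not the poster's code). Constructed input; no database needed.

/**
 * Recursively undo the addslashes()-style escaping that magic_quotes_gpc
 * applies to request values, including values nested in arrays.
 */
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/**
 * True only on runtimes where the directive still exists and is enabled.
 * get_magic_quotes_gpc() was removed in PHP 8.0, hence the guard.
 */
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Normalise once, at the start of the request, before any value is bound.
// Running stripslashes() when the directive is Off would corrupt real backslashes.
if (magic_quotes_active()) {
    $_POST = undo_magic_quotes($_POST);
}

// Constructed sample: what the user typed into the txttitle field.
$typed = 'Who said "it\'s fine"?';

// What $_POST['txttitle'] would hold when magic_quotes_gpc is On.
$received = addslashes($typed);

// Same shape as request data: a scalar field and a nested array field.
$clean = undo_magic_quotes(array('txttitle' => $received, 'tags' => array($received)));

var_dump($received === $typed);           // escaped copy differs from the typed text
var_dump($clean['txttitle'] === $typed);  // scalar field restored
var_dump($clean['tags'][0] === $typed);   // nested field restored
```

The directive cannot be changed with ini_set() at runtime, so the value phpinfo() reports is the one in effect for the request; the normalisation above is a fallback for hosts where it cannot be switched off.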