mysql_real_unescape_string()


zidian
08-08-2007, 06:09 AM
I would just like to put this code out there since no such mysql function exists to unescape an escaped string. If you have any improvements, let me know.


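<?php
// Undoes the backslash and quote escapes and, optionally, the escaped line breaks.
// $checkbr: 0 = leave escaped line breaks alone, 1 = turn them into spaces,
//           2 = turn them into <br /> tags.
function mysql_real_unescape_string($input, $checkbr = 0) {

    $output = $input;
    $output = str_replace("\\\\", "\\", $output); // \\ -> \
    $output = str_replace("\'", "'", $output);    // \' -> '
    $output = str_replace('\"', '"', $output);    // \" -> "

    if ($checkbr == 1) {

        // Single-quoted '\r' and '\n' are the two-character escaped forms
        // (backslash + letter), not real control characters.
        $output = str_replace('\n\r', '\n', $output);
        $output = str_replace('\r\n', '\n', $output);
        $output = str_replace('\r', '\n', $output);
        $output = str_replace('\n', ' ', $output);

    } else if ($checkbr == 2) {

        $output = str_replace('\n\r', '\n', $output);
        $output = str_replace('\r\n', '\n', $output);
        $output = str_replace('\r', '\n', $output);
        $output = str_replace('\n', "<br />", $output);

    }

    return $output;

}
?>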


Just wanted to save people time trying to find an official mysql function to do it for them. To use, write 'mysql_real_unescape_string(*source*)'. :)

zidian
08-08-2007, 07:03 AM
Random: top99gaming, I cracked your site, just wanted you to know so you could patch it. I am just being friendly and wanted you to know :D .

wwe
08-08-2007, 10:02 PM
So you hacked into someone's site to be "friendly"? :|

cr0wonline
08-08-2007, 10:55 PM
So you hacked into someone's site to be "friendly"? :|

I've done it plenty of times. Better to do it and let the person know, rather than the person having an insecure site, and possibly get hacked by someone malicious, and have his/her entire site deleted.

UnlimitedMB
08-08-2007, 11:03 PM
Why would you ever need to unescape a mysql string?

It comes out of the database already unescaped, you only escape the query, not the answer.

Anyways this would be better posted on the php.net user comments.

zidian
08-08-2007, 11:15 PM
Doesn't for me, strange...:confused:

wwe
08-08-2007, 11:18 PM
I've done it plenty of times. Better to do it and let the person know, rather than the person having an insecure site, and possibly get hacked by someone malicious, and have his/her entire site deleted.

Wouldn't it have been better to PM said person than to post it in a random thread he might not read and where anyone can read?

zidian
08-08-2007, 11:21 PM
Hey cr0w, I got a script you could use... do you want it? The default scroller on your site looks kinda ugly, so I have this JavaScript one that looks good and can be customized with images. I have one on my site, gameDeviants (http://www.gamedeviants.com/) used on the shoutbox. Do you want it?

cr0wonline
08-08-2007, 11:44 PM
Hey cr0w, I got a script you could use... do you want it? The default scroller on your site looks kinda ugly, so I have this JavaScript one that looks good and can be customized with images. I have one on my site, gameDeviants (http://www.gamedeviants.com/) used on the shoutbox. Do you want it?

No thanks, once IE starts learning how to read rowspan and stops stretching my tables, I'll be removing the scrollbar anyway. :p

UnlimitedMB
08-08-2007, 11:53 PM
You need to account for magic quotes and stripslashes() where necessary.

Be sure not to treat info already stored in your database as safe just because it's there.
If you stripslashes() or unescape and you use that variable in another query, you need to mysql_escape_string() again, or you can be hacked this way.
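
Added example, not part of any post in this thread: it shows the point made in the last post, that a value read back from the database is unescaped and must be protected again before it goes into a second query. It assumes PDO with an in-memory SQLite database and bound parameters in place of the thread's mysql_* functions (removed in PHP 7); the table names and values are constructed for the demonstration.

```php
<?php
// Added example: constructed tables and values; PDO + in-memory SQLite are
// assumptions standing in for the MySQL setup discussed in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// First query: the value is bound, so it is stored exactly as submitted.
$submitted = "x' OR '1'='1"; // constructed input containing quotes
$addUser = $db->prepare('INSERT INTO users (name) VALUES (?)');
$addUser->execute([$submitted]); // becomes id 1
$addUser->execute(['alice']);    // becomes id 2

$addPost = $db->prepare('INSERT INTO posts (author, body) VALUES (?, ?)');
$addPost->execute(['alice', 'note belonging to alice']);
$addPost->execute([$submitted, 'hello']);

// Reading it back returns the raw, unescaped string.
$sel = $db->prepare('SELECT name FROM users WHERE id = ?');
$sel->execute([1]);
$name = $sel->fetchColumn();

// Weak: the stored value is trusted and concatenated into a second query,
// so its quotes become part of the SQL and change the WHERE clause.
$weakSql = "SELECT body FROM posts WHERE author = '$name'";
$weak = $db->query($weakSql)->fetchAll(PDO::FETCH_COLUMN);

// Corrected: the stored value is bound again, like any other input.
$stmt = $db->prepare('SELECT body FROM posts WHERE author = ?');
$stmt->execute([$name]);
$safe = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("stored name: %s\n", $name);
printf("concatenated query: %s\n", $weakSql);
printf("rows from concatenated query: %d\n", count($weak));
printf("rows from bound query: %d\n", count($safe));
```

The concatenated query matches every row in posts, while the bound query matches only the row whose author equals the stored string.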