Wordpress Database Output - Remove SQL Injection Escapes

Question

I'm having a problem using $wbdb. When I insert or update data using $wpdb->insert or $wpdb->update, the SQL injection protection actually inserts the \' into the database, and when outputting that information it has the SQL escape with it. (ie: My Value\'s Escaped).

I know there's gotta be a way to escape this using a wordpress function, but I haven't been able to find it searching google and the wordpress codex. ...So what's that function, or what am I doing wrong (seems like the '\' shouldn't really get to the database in the first place) Thanks!

Answer 1

It looks as if magic_quotes are enabled on the server you are using.

There are a number of SO questions and answers that deal with what they are, why they're bad, and how to get rid of them, so I won't explicitly explain here, but suggest you look at a few of the following:

• http://stackoverflow.com/questions/220437/magic-quotes-in-php
• http://stackoverflow.com/questions/370292/work-around-magic-quotes-or-just-make-sure-theyre-off
• http://stackoverflow.com/questions/1153741/how-can-i-disable-php-magic-quotes-at-runtime
• http://stackoverflow.com/questions/517008/how-to-turn-off-magic-quotes-on-shared-hosting
• http://stackoverflow.com/questions/648307/php-protecting-itself-from-sql-injections