|
No you want to make sure you are comparing ' to '. When you take input from a form with magic_quotes_gpc enabled, this escapes the ' to become \'. You stripslash it so it removes the escape from the string. Since PHP isn't sensitive to using the addslashes (implicitly from the magic_quotes) and the mysql_real_escape_string, it would definitely corrupt the data when inserting to a database. Likewise, since you are not comparing using the SQL query itself, you need to make sure the state of the apostrophe is the same in both the input string and the retrieved string.
If you are seeing ' I'd suspect that is coming from your storage where htmlentities were used to convert it. Don't convert with htmlentities before storage; use it after selection instead. That said, assuming it is also the case the htmlentities can be used on the input string (using the ENT_QUOTES as the second parameter) to compare the two.
|