Decoding mysql_real_escape_string() for outputting HTML

萌比男神i 2020-12-16 16:50

I'm trying to protect myself from SQL injection and am using:

mysql_real_escape_string($string);

When posting HTML it looks something like

9 answers
  •  孤街浪徒
    2020-12-16 17:26

    You got everything messed up.

    mysql_real_escape_string doesn't need any decoding.

    If you get your data back with slashes, it means that it has been escaped twice. And instead of stripping out the extra slashes you should just not add them.

    Not to mention that whatever escaping is obsolete and you ought to use prepared statements instead of whatever escape string.

    So, never escape, never decode.
    The problem solved.
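
The round trip described in the answer above, as an added example that is not part of the original thread: HTML bound through a prepared statement comes back byte-for-byte, while the same HTML put through an extra escaping pass is stored with literal backslashes. Assumptions: PDO with the SQLite driver stands in for MySQL so the script runs offline, `addslashes()` stands in for the extra escaping pass, and the table, helper names and sample HTML are constructed.

```php
<?php
// Added example. SQLite in-memory via PDO stands in for MySQL (assumption),
// so the script runs without a database server. Needs the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (label TEXT PRIMARY KEY, body TEXT)');

// Constructed sample input containing both quote characters.
$html = '<p class="note">It\'s "quoted"</p>';

// Hypothetical helper: the value is bound as a parameter, so it travels
// separately from the SQL text and no escaping function is involved.
function store(PDO $pdo, string $label, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO posts (label, body) VALUES (:label, :body)');
    $stmt->execute([':label' => $label, ':body' => $body]);
}

// Hypothetical helper: read the stored value back, again with a bound parameter.
function load(PDO $pdo, string $label): string
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE label = :label');
    $stmt->execute([':label' => $label]);
    return (string) $stmt->fetchColumn();
}

// Case 1: raw value bound directly. Nothing to decode on the way out.
store($pdo, 'bound', $html);

// Case 2: an extra escaping pass before the database layer. addslashes()
// stands in for that pass; its backslashes become part of the stored data.
store($pdo, 'pre-escaped', addslashes($html));

foreach (['bound', 'pre-escaped'] as $label) {
    $out = load($pdo, $label);
    printf("%-12s %-8s %s\n", $label, $out === $html ? 'intact' : 'changed', $out);
}
```

Calling `stripslashes()` on output would hide the second case rather than fix it; the stored rows stay corrupted until the extra escaping pass is removed at the source.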
