I'm trying to protect myself from SQL injection and am using:
mysql_real_escape_string($string);
When posting HTML it looks something like
Even if it's an old question... I've had the same problem as Peter Craig. In fact I have to deal with an old CMS. In order to prevent SQL injection, all $_POST and $_GET values are "sql-escaped". Unfortunately this is done at a central point so all your modules are receiving all data sql-escaped! In some cases you want to directly display these data so you face a problem: how to display a sql-escaped string without getting it from DB? The answer is: use stripcslashes (NOT stripslashes!!)
http://php.net/manual/en/function.stripcslashes.php
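
An added example (not code from the posts above) that compares `stripslashes()` and `stripcslashes()` on constructed inputs, including two edge cases (a NUL byte followed by digits, and a Ctrl-Z byte) that `stripcslashes()` does not restore exactly. `mysql_escape_emulated()` and `round_trips()` are hypothetical helpers; the first reproduces the characters `mysql_real_escape_string()` escapes so the script runs without a database connection.

```php
<?php
// Added example, not from the original posts.
// Hypothetical helper: reproduces the escapes mysql_real_escape_string() applies
// (NUL, \n, \r, \, ', ", Ctrl-Z) so no database connection is needed.
function mysql_escape_emulated(string $s): string
{
    return strtr($s, [
        "\\"   => "\\\\",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

// Returns true when un-escaping with $fn gives back the original bytes.
function round_trips(callable $fn, string $raw): bool
{
    return $fn(mysql_escape_emulated($raw)) === $raw;
}

// Constructed sample inputs.
$samples = [
    'html with quotes and CRLF' => "It's <b>bold</b>\r\nPath: C:\\temp",
    'NUL followed by digits'    => "a\0" . "12",
    'Ctrl-Z byte'               => "a\x1ab",
];

foreach ($samples as $label => $raw) {
    printf("%-26s stripslashes=%s stripcslashes=%s\n",
        $label,
        var_export(round_trips('stripslashes', $raw), true),
        var_export(round_trips('stripcslashes', $raw), true));
}

// Un-escaping only removes the SQL escaping; the value is still untrusted,
// so encode it for the HTML context when displaying it.
$shown = stripcslashes(mysql_escape_emulated($samples['html with quotes and CRLF']));
echo htmlspecialchars($shown, ENT_QUOTES, 'UTF-8'), "\n";
```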