View Full Version : addslashes VS mysql_real_escape_string
Is there any diffrence between the two function ? I think all of them give me the same result.
06-15-2006, 02:13 PM
Yes. addslashes() escaped ", ', / and the null byte while mysql_real_escape_string() escapes \x00, \n, \r, \, ', " and \x1a.
06-15-2006, 02:37 PM
What is the best to use when you are working with imputed data that is include html code?
What is the best to use when you are working with imputed data that is just user inputted that could contain any characters & symbols?
06-15-2006, 05:10 PM
Also, addslashes() does not account for character set, so it can be fooled by sending certain multibyte characters.
if data is going into a mysql database, it should go through mysql_real_escape_string. Always.
06-16-2006, 12:06 AM
addslashes() is actually useless. For every operation that needs escaping you have a special function to do it.
Powered by vBulletin® Version 4.2.2 Copyright © 2015 vBulletin Solutions, Inc. All rights reserved.