...

View Full Version : addslashes VS mysql_real_escape_string



Dooq
06-15-2006, 12:57 PM
Is there any diffrence between the two function ? I think all of them give me the same result.

marek_mar
06-15-2006, 01:13 PM
Yes. addslashes() escaped ", ', / and the null byte while mysql_real_escape_string() escapes \x00, \n, \r, \, ', " and \x1a.

lansing
06-15-2006, 01:37 PM
What is the best to use when you are working with imputed data that is include html code?

What is the best to use when you are working with imputed data that is just user inputted that could contain any characters & symbols?

Kid Charming
06-15-2006, 04:10 PM
Also, addslashes() does not account for character set, so it can be fooled by sending certain multibyte characters.

GJay
06-15-2006, 10:34 PM
if data is going into a mysql database, it should go through mysql_real_escape_string. Always.

marek_mar
06-15-2006, 11:06 PM
addslashes() is actually useless. For every operation that needs escaping you have a special function to do it.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum