I have been using stripslashes() in the following way for all of my SQL queries:
I recently came across mysql_real_escape_string. Is it neccessary to use this as well as stripslashes? Or is it one or the other?PHP Code:
$product_name = stripslashes($_POST['product_name']);
Are there any other functions that should be used before inserting variables into an SQL query?