mysql_real_escape_string VS addslashes

by

What you quote is probably from the doc, but as far as I know it’s not necessarily true.

addslashes adds slashes to characters that are commonly disturbing. mysql_real_escape_string escapes whatever MySQL needs to be escaped. This may be more or less characters than what addslashes takes care of.

Also, mysql_real_escape_string will not necessarily add slashes to escape. While I think it works if you do it that way, recent versions of MySQL escape quotes by putting two of them together instead of by putting a slash before it.

I believe you should always use your data provider’s escape function instead of addslashes, because addslashes may either do too much or not enough work for the purpose you use it. On the other hand, mysql_real_escape_string knows what to do to prepare a string for embedding it in a query. Even if the specs change about how to escape stuff and suddenly it’s not backslashes that you should use anymore, your code will still work because mysql_real_escape_string will be aware of it.

More Related Contents:

  1. If number have inside number string [closed]
  2. recurring system my sql query [closed]
  3. Php date() Date and time is stuck [closed]
  4. Cannot modify header information [duplicate]
  5. Gather column name of a table from database [closed]
  6. inserting information and image in php and mysql
  7. CodeIgniter – foreach loop
  8. Project Links do not work on Wamp Server
  9. PHP/MySQL insert row then get ‘id’
  10. Using Jquery Ajax to retrieve data from Mysql
  11. Laravel migration: unique key is too long, even if specified
  12. Laravel Eloquent select all rows with max created_at
  13. PHP, MySQL error: Column count doesn’t match value count at row 1
  14. displaying an image stored in a mysql blob
  15. MySQL – count total number of rows in php
  16. Advantages Of MySQLi over MySQL [closed]
  17. Fix Access denied for user ‘root’@’localhost’ for phpMyAdmin
  18. PHP PDO vs normal mysql_connect
  19. Can I create a database using PDO in PHP?
  20. PHP PDO and MySQLi [duplicate]
  21. SQLSTATE[HY000] [2002] A connection attempt failed.. – When attempting to connect from Local to remote server
  22. How to store an array into mysql?
  23. MySQL Error “Too many connections”
  24. Warning: mysql_num_rows() expects parameter 1 to be resource, object given [duplicate]
  25. Error 1148 MySQL The used command is not allowed with this MySQL version
  26. How can I debug why simplest MySQL query returns false?
  27. Connect to remote MySQL server with SSL from PHP
  28. how to execute mysql command DELIMITER
  29. Cannot figure out how to run a mysqli_multi_query and use the results from the last query
  30. PDO and MySQL ‘between’

Leave a Comment