What you quote is probably from the doc, but as far as I know it’s not necessarily true.
addslashes
adds slashes to characters that are commonly disturbing. mysql_real_escape_string
escapes whatever MySQL needs to be escaped. This may be more or less characters than what addslashes
takes care of.
Also, mysql_real_escape_string
will not necessarily add slashes to escape. While I think it works if you do it that way, recent versions of MySQL escape quotes by putting two of them together instead of by putting a slash before it.
I believe you should always use your data provider’s escape function instead of addslashes
, because addslashes
may either do too much or not enough work for the purpose you use it. On the other hand, mysql_real_escape_string
knows what to do to prepare a string for embedding it in a query. Even if the specs change about how to escape stuff and suddenly it’s not backslashes that you should use anymore, your code will still work because mysql_real_escape_string
will be aware of it.