addslashes() vs mysql_real_escape_string()...the final debate - SitePoint Forums

		SitePoint Forums > Forum Index > Program Your Site > PHP
addslashes() vs mysql_real_escape_string()...the final debate

Mark Forums Read

New to SitePoint Forums? Register here for free!

SitePoint Sponsor

Prev

Previous Post

Next Post

Next

Jan 19, 2006, 20:35	#1
aamonkey SitePoint Guru Join Date: Sep 2004 Location: kansas Posts: 673	addslashes() vs mysql_real_escape_string()...the final debate addslashes() and mysql_real_escape_string() are an equal solution to cleansing data before it's inserted in a database. There, I've said it. I've done quite a bit of web searching to prove this point to myself, but I'm very curious about why people swear by mysql_real_escape_string(). The only things people seem to say about mysql_real_escape_string() is that it's safer...and somehow they always fail to mention why it's safer. Character encoding.....ok--I don't quite grasp it all. Just show me any kind of sql injection that gets by addslashes() but not mysql_real_escape_string().

Bookmarks

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off

Sponsored Links

Forum Jump

All times are GMT -7. The time now is 01:29.

Notice: This Website takes advantage of web standards that your browser may be unable to support. This site may not display in the way it was intended in some browsers. However the page content should still be perfectly viewable in any internet capable device.

The contents of this webpage are copyright © 1998-2008 SitePoint Pty. Ltd. All Rights Reserved.

Web Design & Development by SitePoint, Melbourne, Australia - Logo Design, Web page Design - 99designs.com