New coder question here:
I can’t quite figure out when I need to use PHP’s addslashes on my data I am adding and retrieving from my database.
Some of my data has single quotations (i.e.: Smith’s)
The database seems to store data in VARCHARs with single quotes just fine.
Do I need to use addslashes on my string variables I am storing in the database?
Here is an example of one of my queries:
```php
$mod_Name = "Smith's";
$mod_Image = "smiths.jpg";
$sql = "INSERT INTO Footers (name, image) VALUES (?,?)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$mod_Name, $mod_Image]);
$stmt = null;
```
I’m not sure how the above works with MySQL. My concern is that if the execute then converts my $sql into a single-quoted statement that gets queried, the above will show as: 'INSERT INTO Footer (name, image) VALUES ('Smith's', 'smiths.jpg');'
Any guidance on this would be appreciated.
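
Added example, not part of the original post: a self-contained PHP script showing values with quote characters round-tripping unchanged through a PDO prepared statement, and what gets stored if addslashes is applied before binding. It assumes the pdo_sqlite extension and an in-memory SQLite database standing in for MySQL; the helper names insertFooter and fetchName are hypothetical.

```php
<?php
// Added example: an in-memory SQLite database (assumption) is used so the
// script runs without a MySQL server; the PDO prepare/execute calls are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Footers (id INTEGER PRIMARY KEY, name TEXT, image TEXT)');

// Hypothetical helper: store one row through a prepared statement. The values
// are passed as bound parameters; this code never splices them into the SQL text.
function insertFooter(PDO $pdo, string $name, string $image): int
{
    $stmt = $pdo->prepare('INSERT INTO Footers (name, image) VALUES (?, ?)');
    $stmt->execute([$name, $image]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: read the stored name back by primary key.
function fetchName(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name FROM Footers WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample values containing quotes and SQL-looking text.
$samples = ["Smith's", 'O"Brien', "x'); DROP TABLE Footers; --"];

foreach ($samples as $value) {
    // Bind the raw value as-is.
    $rawId = insertFooter($pdo, $value, 'sample.jpg');
    // Escaping by hand before binding: the added backslashes are stored as data.
    $escapedId = insertFooter($pdo, addslashes($value), 'sample.jpg');

    printf("bound raw       : %s\n", fetchName($pdo, $rawId));
    printf("bound addslashes: %s\n", fetchName($pdo, $escapedId));
    // Compare what came back with what went in.
    var_dump(fetchName($pdo, $rawId) === $value);
}

// Count the rows to confirm every insert ran as a single INSERT statement.
echo $pdo->query('SELECT COUNT(*) FROM Footers')->fetchColumn(), " rows\n";
```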