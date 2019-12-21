New coder question here:
I can’t quite figure out when I need to use PHP’s addslashes on my data I am adding and retrieving from my database.
Some of my data has single quotations (i.e.: Smith’s )
The database seems to store data in VARCHARs with single quotes just fine.
Do I need to use addslashes on my string variables I am storing in the database?
Here is an example of one of my queries:
$mod_Name="Smith's";
$mod_Image="smiths.jpg";
$sql="INSERT INTO Footers (name, image) VALUES (?,?)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$mod_Name, $mod_Image]);
$stmt = null;
I’m not sure how the above works with MySQL. My concern, is that if the execute then converts my $sql into a single quoted statement that gets queried, the above will show as: ‘INSERT INTO Footer (name, image) VALUES (‘Smith’s’, ‘smiths.jpg’);’
Any guidance on this would be appreciated.