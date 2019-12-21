New coder question here:

I can’t quite figure out when I need to use PHP’s addslashes on my data I am adding and retrieving from my database.

Some of my data has single quotations (i.e.: Smith’s )

The database seems to store data in VARCHARs with single quotes just fine.

Do I need to use addslashes on my string variables I am storing in the database?

Here is an example of one of my queries:

$mod_Name="Smith's"; $mod_Image="smiths.jpg"; $sql="INSERT INTO Footers (name, image) VALUES (?,?)"; $stmt = $pdo->prepare($sql); $stmt->execute([$mod_Name, $mod_Image]); $stmt = null;

I’m not sure how the above works with MySQL. My concern, is that if the execute then converts my $sql into a single quoted statement that gets queried, the above will show as: ‘INSERT INTO Footer (name, image) VALUES (‘Smith’s’, ‘smiths.jpg’);’

Any guidance on this would be appreciated.