mysql escape string vs addslashes

Is addslashes enough?

         

tomda

7:49 am on Sep 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In some references, it is mentioned that addslashes is secure enough against evil injection data for a MySQL query.

While in other references, it is said that addslashes is not enough and that mysql_escape_string should be used.

Lastly, it is also said that using addslashes is better for its compatibility and ability to work with multiple database types.

So what is best?

sonjay

12:25 pm on Sep 6, 2006 (gmt 0)

10+ Year Member



mysql_real_escape_string escapes what MySQL needs escaped, while addslashes only escapes what PHP thinks needs to be escaped.

Additionally, addslashes has been removed from php6. So to future-proof your code you'd want to use mysql_real_escape_string.

Read up on them at php.net:
[php.net...]
[php.net...]
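The difference described in the reply above, as an added example that is not part of the original thread and is not PHP's or MySQL's own code: a Python model of the character sets each function is documented to escape. The function names are hypothetical, the sample input is constructed, and the model leaves out the connection character set that mysql_real_escape_string also takes into account.

```python
# Byte-level model of the two escaping rules as documented in the PHP manual.
# Assumption: this is an illustration only, not PHP's or MySQL's implementation.

# addslashes: single quote, double quote, backslash, NUL
ADDSLASHES_TABLE = {
    0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\", 0x00: b"\\0",
}

# mysql_real_escape_string: the four above plus \n, \r and Ctrl-Z (0x1A)
MYSQL_TABLE = {
    0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\", 0x00: b"\\0",
    0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
}


def _escape(data: bytes, table: dict) -> bytes:
    """Replace every byte found in `table` with its escape sequence."""
    return b"".join(table.get(b, bytes([b])) for b in data)


def addslashes_model(data: bytes) -> bytes:
    # Hypothetical helper name: models PHP's addslashes()
    return _escape(data, ADDSLASHES_TABLE)


def mysql_escape_model(data: bytes) -> bytes:
    # Hypothetical helper name: models the documented escape set only;
    # the real function also consults the connection's character set.
    return _escape(data, MYSQL_TABLE)


def bytes_handled_differently() -> list:
    """Every single byte value for which the two models disagree."""
    return [b for b in range(256)
            if addslashes_model(bytes([b])) != mysql_escape_model(bytes([b]))]


if __name__ == "__main__":
    sample = b"O'Reilly\r\nsecond line\x1a"   # constructed input
    print("addslashes model  :", addslashes_model(sample))
    print("mysql escape model:", mysql_escape_model(sample))
    print("bytes that differ :", [hex(b) for b in bytes_handled_differently()])
```

Both models escape the quote identically; they diverge only on newline, carriage return and Ctrl-Z, which addslashes passes through untouched.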

tomda

12:58 pm on Sep 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks Sonjay,

It is always good to know that PHP6 will drop addslashes.

Cheers