What's the deal with addslashes()?



djr33
03-23-2006, 08:19 AM
I'm working with a database and input from a text field that I want to be html compatible... so... sure, it causes problems with the mysql syntax when the input is transferred to a variable then to the mysql command within quotes if there are quotes in the input.
In short... I figured out that addslashes() works because it makes the quotes characters, not commands, kinda.

My real question is why.

I understand that you're trying to 'escape'... but... does mysql automatically convert to something like what stripslashes() would do in php?

Pretty simple question, but feel free to go into a bit more detail if you want. A simple answer is fine, though.

Thanks.

Twey
03-23-2006, 08:57 AM
It basically adds backslashes before any quotes. You would be better advised to use mysql_real_escape_string() (http://uk.php.net/manual/en/function.mysql-real-escape-string.php).
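
On the "why" asked above, here is an added example (not part of either post): a simplified model of how MySQL reads a quoted string literal, showing that the server consumes the backslashes while parsing, so the stored value never contains them. `read_mysql_literal()` and the sample input are constructed for illustration and assume MySQL's default backslash-escape behaviour.

```php
<?php
// Added example: a simplified model of how MySQL reads a single-quoted
// string literal (default sql_mode, backslash escapes enabled).
// read_mysql_literal() is a hypothetical helper, not a MySQL or PHP API.

/**
 * Parse one single-quoted literal starting at $sql[0] == "'".
 * Returns [decoded value, remaining SQL after the closing quote].
 */
function read_mysql_literal(string $sql): array
{
    $escapes = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t",
                'b' => "\x08", 'Z' => "\x1a"];
    $value = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        $c = $sql[$i];
        if ($c === '\\' && $i + 1 < $len) {
            // Backslash escape: the parser consumes the backslash itself.
            $next = $sql[++$i];
            $value .= $escapes[$next] ?? $next;
        } elseif ($c === "'" && $i + 1 < $len && $sql[$i + 1] === "'") {
            $value .= "'";   // doubled quote also means one literal quote
            $i++;
        } elseif ($c === "'") {
            return [$value, substr($sql, $i + 1)]; // closing quote
        } else {
            $value .= $c;
        }
    }
    throw new RuntimeException('unterminated string literal');
}

$input = 'She said "it\'s <b>fine</b>" \\ done'; // constructed sample input

// Without escaping, the apostrophe closes the literal early and the rest
// of the input is left over as stray SQL, which is the syntax error.
[$value, $rest] = read_mysql_literal("'" . $input . "'");
var_dump($value, $rest);

// With addslashes(), the parser strips the backslashes as it reads the
// literal, so the value it stores is the original input, slash-free.
[$value, $rest] = read_mysql_literal("'" . addslashes($input) . "'");
var_dump($value === $input, $rest === '');
```

mysql_real_escape_string() produces the same kind of backslash escapes, but takes the connection's character set into account when deciding what to escape.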