Results 1 to 2 of 2

Thread: What's the deal with addslashes()?

  1. #1
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default What's the deal with addslashes()?

    I'm working with a database and input from a text field that I want to be html compatible... so... sure, it cause problems with the mysql syntax when the input is transfered to a variable then to the mysql command within quotes if there are quotes in the input.
    In short... I figured out that addslashes() works because it makes the quotes characters, not commands, kinda.

    My real question is why.

    I understand that you're trying to 'escape'... but... does mysql automatically convert to something like what stripslashes() would do in php?

    Pretty simple question, but feel free to go into a bit more detai if you want. A simple answer is fine, though.

    thanks.

  2. #2
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    It basically adds backslashes before any quotes. You would be better advised to use mysql_real_escape_string().
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •