mysql_real_escape_string and addslashes are both used to escape data before the database query, so what's the difference? (This question is not about parametrized queries/PDO/mysqli)
string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
string addslashes ( string $str )
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
They affect different characters. mysql_real_escape_string is specific to MySQL. Addslashes is just a general function which may apply to other things as well as MySQL.
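
An added example, not part of the original answer and not code from PHP or MySQL: the script below runs PHP's real addslashes() over constructed inputs and, using the two character lists quoted above, reports which bytes appear only in the mysql_real_escape_string list. The helpers byte_name, visible and touched are hypothetical names; mysql_real_escape_string() itself is not called, so no MySQL connection is needed.

```php
<?php
// Added example, not from the original answer.
// Character lists as quoted above from the PHP manual.
const ADDSLASHES_SET = ["\0", "'", '"', "\\"];
const MYSQL_SET      = ["\0", "\n", "\r", "\\", "'", '"', "\x1a"];

// Hypothetical helper: render a byte so control characters are visible.
function byte_name(string $c): string {
    $o = ord($c);
    return ($o < 0x20 || $o > 0x7e) ? sprintf('\\x%02x', $o) : $c;
}

// Hypothetical helper: render a whole string with byte_name().
function visible(string $s): string {
    return implode('', array_map('byte_name', str_split($s)));
}

// Hypothetical helper: distinct bytes of $input that appear in $set.
function touched(string $input, array $set): array {
    return array_values(array_unique(array_intersect(str_split($input), $set)));
}

// Constructed sample inputs.
$samples = ["O'Reilly", "line1\nline2\r\n", "C:\\temp\\\"x\"", "a\0b\x1ac"];

foreach ($samples as $s) {
    $a = touched($s, ADDSLASHES_SET);
    $m = touched($s, MYSQL_SET);
    // Bytes on the MySQL list that addslashes() leaves untouched.
    $only = array_values(array_diff($m, $a));
    printf("input              : %s\n", visible($s));
    printf("addslashes() output: %s\n", visible(addslashes($s)));
    printf("addslashes set hits: %s\n", implode(' ', array_map('byte_name', $a)) ?: '-');
    printf("MySQL-only hits    : %s\n\n", implode(' ', array_map('byte_name', $only)) ?: '-');
}
```

For the second and fourth samples the "MySQL-only hits" line lists \x0a, \x0d and \x1a, the three characters on which the two lists differ.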