
What is the difference between mysql_real_escape_string and addslashes?

Tags:

php

mysql_real_escape_string and addslashes are both used to escape data before the database query, so what's the difference? (This question is not about parametrized queries/PDO/mysqli)

asked Sep 18 '08 09:09

Kemal


1 Answer

string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

string addslashes ( string $str )
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

They affect different characters. mysql_real_escape_string is specific to MySQL. Addslashes is just a general function which may apply to other things as well as MySQL.

answered Nov 15 '22 14:11

Mark Embling
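
The two character lists in the answer above, compared side by side. This is an added example, not part of the original answer: emulate_mysql_escape() is a hypothetical stand-in that applies MySQL's escape sequences to the characters the answer lists, so it runs without a database link. The real function also takes the connection's character set into account, which this sketch does not.

```php
<?php
// Added illustration, not code from the answer or from PHP/MySQL.
// emulate_mysql_escape() is a hypothetical stand-in: it escapes exactly the
// characters the answer lists for mysql_real_escape_string(), needs no
// database link, ignores the connection character set, and is for
// comparison only, not for building queries.
function emulate_mysql_escape(string $s): string
{
    return strtr($s, [
        "\x00" => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// Return the bytes (as hex) for which the two escapers give different output.
function differing_bytes(array $bytes): array
{
    $diff = [];
    foreach ($bytes as $b) {
        if (addslashes($b) !== emulate_mysql_escape($b)) {
            $diff[] = sprintf('0x%02x', ord($b));
        }
    }
    return $diff;
}

// Every character named in either list on the page, plus one ordinary letter.
$listed = ["\x00", "\n", "\r", '\\', "'", '"', "\x1a", 'a'];
echo 'escaped differently: ', implode(', ', differing_bytes($listed)), "\n";

// Constructed sample value: a quote, a CRLF line break and a Ctrl-Z byte.
$value = "O'Brien\r\nnote\x1a";
echo 'addslashes : ', bin2hex(addslashes($value)), "\n";
echo 'mysql-style: ', bin2hex(emulate_mysql_escape($value)), "\n";
```

The output is hex-encoded so that a raw control byte left untouched by addslashes() can be told apart from the backslash sequence the MySQL-style escaper writes in its place.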