- addslashes
stripslashes
mysql_real_escape_string
mysql_escape_string
What is the differences btw addslashes, stripslashes etc
Moderator: General Moderators
What is the differences btw addslashes, stripslashes etc
Hello there, pls i need to know the differences between the followings and if they can be used interchangeably.
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: What is the differences btw addslashes, stripslashes etc
The Manual wrote:addslashes() - Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
The Manual wrote:stripslashes - Un-quotes a quoted string.
Addslashes() can be used to escape quotes string that goes into the database, but that is actually mysql_real_escape_string()'s job. Stripslashes() removes any slashes that were added by the other two functions (if any)The Manual wrote:mysql_real_escape_string() — Escapes special characters in a string for use in a SQL statement
mysql_escape_string() is deprecated and you should use mysql_real_escape_string() instead.
If you want your data to display correctly you would probably continue using your current process. The escaping is there to prevent injection attempts.adsegzy wrote:if i use mysql_real_escape_string or mysql_escape_string, the form will return \r\n in place of the character. but if i use stripslashes it will return every special character the normal way without any problem. so which is the best?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering