Page 1 of 1

What is the differences btw addslashes, stripslashes etc

Posted: Thu Apr 14, 2011 10:16 am
by adsegzy
Hello there, pls i need to know the differences between the followings and if they can be used interchangeably.
  • addslashes
    stripslashes
    mysql_real_escape_string
    mysql_escape_string
I have read many articles on the above that are complicating. One of them says you use addslashes to insert into database and stripslashes to retrieve from database. But whenever i use addslashes for my form, after submiting the form, any text that has special characters like ' or " will display 3 backslashes before the character. if i use mysql_real_escape_string or mysql_escape_string, the form will return \r\n in place of the character. but if i use stripslashes it will return every special character the normal way without any problem. so which is the best?

Re: What is the differences btw addslashes, stripslashes etc

Posted: Thu Apr 14, 2011 12:09 pm
by social_experiment
The Manual wrote:addslashes() - Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
The Manual wrote:stripslashes - Un-quotes a quoted string.
The Manual wrote:mysql_real_escape_string() — Escapes special characters in a string for use in a SQL statement
Addslashes() can be used to escape quotes string that goes into the database, but that is actually mysql_real_escape_string()'s job. Stripslashes() removes any slashes that were added by the other two functions (if any)

mysql_escape_string() is deprecated and you should use mysql_real_escape_string() instead.
adsegzy wrote:if i use mysql_real_escape_string or mysql_escape_string, the form will return \r\n in place of the character. but if i use stripslashes it will return every special character the normal way without any problem. so which is the best?
If you want your data to display correctly you would probably continue using your current process. The escaping is there to prevent injection attempts.