Hello all,
I'm building a class called 'safehouse' that includes different functions to filter data and create random strings for passwords and other things like that. My problem is, there are many times when I want to store variables in a 'clean' array after checking to see if they are of the correct input and after escaping them.
The problem is that mysql_real_escape_string() can only be called after a connection to the database is made, and I want to do things before that connection is made. That being said, would using addslashes() obtain the same objective with the same amount of security?
Thank you,
Jason
addslashes() vs. mysql_real_escape_string()
Re: addslashes() vs. mysql_real_escape_string()
SimonJ621 wrote: That being said, would using addslashes() obtain the same objective with the same amount of security?
No.
Please read http://shiflett.org/archive/184
- Chris Corbyn
Re: addslashes() vs. mysql_real_escape_string()
SimonJ621 wrote:
Hello all,
I'm building a class called 'safehouse' that includes different functions to filter data and create random strings for passwords and other things like that. My problem is, there are many times when I want to store variables in a 'clean' array after checking to see if they are of the correct input and after escaping them.
The problem is that mysql_real_escape_string() can only be called after a connection to the database is made, and I want to do things before that connection is made. That being said, would using addslashes() obtain the same objective with the same amount of security?
Thank you,
Jason

addslashes() only escapes quotes and slashes.... why not use mysql_escape_string() ?
Re: addslashes() vs. mysql_real_escape_string()
volka wrote: No. Please read http://shiflett.org/archive/184
Thank you, I'm actually reading a book by Chris Shiflett right now, Essential PHP Security.
d11wtq wrote: addslashes() only escapes quotes and slashes.... why not use mysql_escape_string() ?
And thank you, I'm just learning PHP and wasn't aware of this function, but it's exactly what I am looking for.
Jason
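
Added example, not part of the thread and not any poster's code: the 'clean' array from the question can be filled by validation alone before a connection exists, with quoting left to bound parameters at query time instead of addslashes() or an escaping function. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs offline; filter_username(), the users table and the sample input are hypothetical.

```php
<?php
// Added example: filter input before any connection exists, and leave
// SQL quoting to the driver at query time via bound parameters.
// filter_username() and the users table are hypothetical names.

/** Validate only; no escaping, so no database connection is required. */
function filter_username(string $raw): ?string
{
    // Allow-list: 3-20 ASCII letters, digits or underscores.
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw) === 1 ? $raw : null;
}

// Constructed sample input, standing in for $_POST.
$input = ['good' => 'jason_621', 'bad' => "x' OR '1'='1"];

$clean = [];
foreach ($input as $key => $value) {
    $checked = filter_username($value);
    if ($checked !== null) {
        $clean[$key] = $checked;   // validated, still unescaped
    }
}

// The connection is opened only now. In-memory SQLite keeps this runnable
// offline; with MySQL, use a mysql: DSN with charset=utf8mb4 and set
// PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY)');

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($clean as $name) {
    $insert->execute([':name' => $name]);   // value is bound, never spliced into SQL
}

// Even a value that skipped the filter is treated as data, not SQL.
$select = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :name');
$select->execute([':name' => $input['bad']]);
echo 'rows matching hostile input: ', $select->fetchColumn(), PHP_EOL;
echo 'stored names: ', implode(', ', $clean), PHP_EOL;
```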