Posted by frizzle on 09/07/05 00:27
Hi there,
I was wondering the following: when I insert something
into a MySQL DB (in a guestbook, for instance) I mostly use
mysql_escape_string($_POST['comment']). Now I've seen
mysql_real_escape_string, and I was wondering if there's a
big difference between them, but most of all, I was wondering
if addslashes() is safe enough, because I noticed that
stripslashes() doesn't strip all mysql_escape_string slashes,
but does strip all addslashes() ones ... :-s
I know there's something called MySQL injection, and if I
got it correctly, that would mean executing queries
e.g. by submitting a " and then a query ...
Of course I want to prevent this.
I hope this kinda makes sense ... :-)
Greetings, Frizzle.
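An added example, not from the original post or from PHP itself, showing the limit of escaping-based defences that the question touches on. It uses Python and SQLite (standard library only) instead of PHP/MySQL, with a constructed guestbook table; because SQLite has no backslash escapes, the escape_string() helper doubles single quotes instead of emulating addslashes() exactly. The function and table names are made up for the example.

```python
import sqlite3

# Constructed sample data standing in for a guestbook table.
ROWS = [
    (1, "alice", "first post"),
    (2, "bob", "hello world"),
    (3, "carol", "nice guestbook"),
]


def build_guestbook_db():
    """Create an in-memory guestbook with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)"
    )
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?)", ROWS)
    conn.commit()
    return conn


def escape_string(value):
    """String escaping for SQLite: double every single quote.

    This plays the role addslashes()/mysql_escape_string() play for MySQL,
    which accept backslash escapes; SQLite does not, so the quote is doubled.
    Escaping is only correct if it matches the server's dialect and charset.
    """
    return value.replace("'", "''")


def by_id_escaped_unquoted(conn, user_id):
    """Typical bug: escaping applied, but the value is not quoted.

    With no quote characters to neutralise, escaping changes nothing and
    the user controls the rest of the WHERE clause.
    """
    sql = "SELECT id, author FROM comments WHERE id = " + escape_string(user_id)
    return conn.execute(sql).fetchall()


def by_author_escaped_quoted(conn, author):
    """Escaping inside a quoted literal: the quote in the payload is neutralised."""
    sql = (
        "SELECT id, author FROM comments WHERE author = '"
        + escape_string(author)
        + "'"
    )
    return conn.execute(sql).fetchall()


def by_id_param(conn, user_id):
    """Parameterised query: the value is bound as data, never parsed as SQL."""
    return conn.execute(
        "SELECT id, author FROM comments WHERE id = ?", (user_id,)
    ).fetchall()


def by_author_param(conn, author):
    """Parameterised variant of the author lookup."""
    return conn.execute(
        "SELECT id, author FROM comments WHERE author = ?", (author,)
    ).fetchall()


if __name__ == "__main__":
    db = build_guestbook_db()
    # Unquoted numeric context: escaping does not help, every row comes back.
    print(by_id_escaped_unquoted(db, "1 OR 1=1"))
    # Quoted context: the escaped payload is just a strange author name.
    print(by_author_escaped_quoted(db, "' OR '1'='1"))
    # Bound parameters: the payload never becomes SQL in either context.
    print(by_id_param(db, "1 OR 1=1"))
    print(by_author_param(db, "' OR '1'='1"))
```

The unquoted case is the one addslashes() cannot save: there is nothing to escape, so `1 OR 1=1` is run as written. The quoted case is only safe while the escaping rules match what the server actually parses, which is why mysql_real_escape_string() takes the connection (it escapes according to the connection's character set) and why bound parameters are the simpler answer.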