Posted by Jerry Stuckle on 03/15/07 12:56
mun wrote:
 > when magic_quotes_gpc = off, what is the difference between
 > addslashes($var) and mysql_real_escape_string($var)?
 >
 > I use a function from php manual like this:
 >
 > function quote_smart($value)
 > {
 >     // Stripslashes
 >     if (get_magic_quotes_gpc()) {
 >         $value = stripslashes($value);
 >     }
 >     // Quote if not integer
 >     if (!is_numeric($value)) {
 >         $value = " ' " . mysql_real_escape_string($value) . " ' ";
 >     }
 >     return $value;
 > }
 >
 >
 > I use it with a select query like this: "select * from table where id
 > = ".quote_smart($_GET["id"]) and it doesn't work (no result returned).
 > But when I replace the quote_smart function with the normal addslashes
 > function, it works. (my default magic_quotes_gpc = off)
 >
 
 RTFM.  mysql_real_escape_string() is charset sensitive. addslashes() is not.
 
 --
 ==================
 Remove the "x" from my email address
 Jerry Stuckle
 JDS Computer Training Corp.
 jstucklex@attglobal.net
 ==================
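
An added illustration, not part of the original post: a byte-level Python model of why an escaper has to know the connection charset. `addslashes` models PHP's function; `charset_aware_escape` and `unescaped_quotes` are hypothetical helpers (a simplified model, not the real mysql_real_escape_string() implementation), and the sample bytes are constructed.

```python
# Added example: charset-blind vs. charset-aware escaping, modelled on bytes.
SAMPLE = b"\xbf\x27"  # constructed input: 0xBF followed by a single quote


def addslashes(raw: bytes) -> bytes:
    """Model of PHP addslashes(): works byte by byte, ignores the charset."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C):      # ' " and backslash
            out += b"\\" + bytes([b])
        elif b == 0x00:                  # NUL becomes backslash + '0'
            out += b"\\0"
        else:
            out.append(b)
    return bytes(out)


def charset_aware_escape(raw: bytes, charset: str) -> bytes:
    """Hypothetical simplified escaper: decode in the connection charset
    first (malformed input raises UnicodeDecodeError), then escape whole
    characters rather than bytes."""
    text = raw.decode(charset)
    table = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\0": "\\0"}
    return "".join(table.get(ch, ch) for ch in text).encode(charset)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes not preceded by a backslash when the bytes are
    read the way a parser using `charset` would read them."""
    text = escaped.decode(charset)
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                       # backslash consumes the next character
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    escaped = addslashes(SAMPLE)         # bytes BF 5C 27
    # Single-byte charset: the backslash is its own character, quote stays escaped.
    print("latin-1:", unescaped_quotes(escaped, "latin-1"))
    # GBK: BF 5C is one two-byte character, so the quote is left bare.
    print("gbk:    ", unescaped_quotes(escaped, "gbk"))
    try:
        charset_aware_escape(SAMPLE, "gbk")
    except UnicodeDecodeError:
        print("charset-aware escaper rejected the malformed GBK input")
```
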