Posted by John Nichel on 10/14/05 16:23

Marcus Bointon wrote:
> On 14 Oct 2005, at 04:48, David Robley wrote:
>
>> That is incorrect. mysql_real_escape_string is a php function, not
>> mysql.
>
>
> Mostly true: mysql_real_escape_string is a php function, but it's
> provided by the mysql extension as part of the mysql client libraries
> (which explains the name). It doesn't do anything significantly
> different to addslashes(), which is purely a PHP internal function. If
> you are writing database independent code, you should probably prefer
> addslashes (or things like adodb::qstr).

mysql_real_escape_string() takes into account the current characterset
of the database. addslashes() does not.

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
john@kegworks.com

[Back to original message]