Posted by -K. on 05/12/05 01:30
I have a related question, many of you have suggested
using addslashes on your variables to prevent SQL
injections, but is it safer to use
mysql_real_escape_string (or mysql_escape_string)?
What is the benefit / cost of using
mysql_real_escape_string rather than addslashes? When
using Postgres i always use pg_escape_string on
anything i send the DB's way. In fact the manual says
specifically to use pg_escape_string rather than
addslashes (however it doesn
[Back to original message]
|