php-general | 2005051
Date: 05/11/05
I have a related question. Many of you have suggested
using addslashes on your variables to prevent SQL
injections, but is it safer to use
mysql_real_escape_string (or mysql_escape_string)?
What is the benefit / cost of using
mysql_real_escape_string rather than addslashes? When
using Postgres I always use pg_escape_string on
anything I send the DB's way. In fact the manual says
specifically to use pg_escape_string rather than
addslashes (however it doesn't give that advice in
mysql_real_escape_string)...
http://us3.php.net/manual/en/function.pg-escape-string.php
Not being familiar with the internals of any of these
functions, I'm wondering which are safer or do they do
approximately the same thing? Is there any difference
in performance? Which method do you use and why?
-k.

