php-general | 2005051
Date: 05/11/05
- Next message: Dan Rossi: "Re: [PHP] Generating a php file"
- Previous message: Oscar Andersson: "[PHP] PHP 5.0. Save classes in a session. Need help now"
- In reply to: -k.: "Re: [PHP] MySql injections (related question)"
- Next in thread: Richard Lynch: "Re: [PHP] MySql injections (related question)"
- Reply: Richard Lynch: "Re: [PHP] MySql injections (related question)"
On Thursday 12 May 2005 06:30, -k. wrote:
> I have a related question, many of you have suggested
> using addslashes on your variables to prevent SQL
> injections, but is it safer to use
> mysql_real_escape_string (or mysql_escape_string)?
> What is the benefit / cost of using
> mysql_real_escape_string rather than addslashes? When
> using Postgres I always use pg_escape_string on
> anything I send the DB's way. In fact the manual says
> specifically to use pg_escape_string rather than
> addslashes (however it doesn’t give that advice in
> mysql_real_escape_string )...
PostgreSQL uses a single-quote to escape a single-quote. MySQL uses a
backslash. Hence running addslashes() on a string destined for MySQL is
usually OK whilst doing so for PostgreSQL is not.
But now that mysql_real_escape_string() is available that is what you
ought to use.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
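The difference between the two quoting rules in the reply above, as an added example that is not part of the original thread: a simplified reader for one single-quoted SQL literal, run under a backslash-escape rule (MySQL, as described) and a quote-doubling-only rule (PostgreSQL, as described). The helper double_quotes() and the sample values are assumptions made for the illustration; it models only the quoting rule, not a real server or connection.

```php
<?php
// Added example, not from the original thread. Simplified model of how a
// single-quoted SQL literal is read under the two quoting rules in the post.

// Reads the literal that starts at $sql[0]; returns [decoded value, trailing text].
// $backslash = true: a backslash makes the next character literal (MySQL rule).
// $backslash = false: only a doubled quote escapes a quote (PostgreSQL rule per the post).
function read_literal(string $sql, bool $backslash): array
{
    $value = '';
    $n = strlen($sql);
    for ($i = 1; $i < $n; $i++) {
        $c = $sql[$i];
        if ($backslash && $c === '\\' && $i + 1 < $n) {
            $value .= $sql[++$i];               // escaped character, taken literally
        } elseif ($c === "'" && $i + 1 < $n && $sql[$i + 1] === "'") {
            $value .= "'";                      // doubled quote decodes to one quote
            $i++;
        } elseif ($c === "'") {
            return [$value, (string) substr($sql, $i + 1)];   // closing quote
        } else {
            $value .= $c;
        }
    }
    throw new RuntimeException('unterminated literal');
}

// Hypothetical helper standing in for the quote-doubling rule.
function double_quotes(string $s): string
{
    return str_replace("'", "''", $s);
}

$rules  = ['backslash rule' => true, 'doubling rule' => false];
$inputs = ["O'Brien", 'dir\\'];   // constructed sample values
foreach ($inputs as $input) {
    $escaped = ['addslashes' => addslashes($input), 'double_quotes' => double_quotes($input)];
    foreach ($escaped as $escaper => $text) {
        foreach ($rules as $rule => $backslash) {
            try {
                [$value, $rest] = read_literal("'" . $text . "'", $backslash);
                $result = ($value === $input && $rest === '')
                    ? 'ok' : "MISREAD value=[$value] trailing=[$rest]";
            } catch (RuntimeException $e) {
                $result = 'MISREAD ' . $e->getMessage();
            }
            printf("%-8s %-13s %-14s %s\n", $input, $escaper, $rule, $result);
        }
    }
}
```

Each escaper reads back intact only under its own rule; under the other rule the literal either ends early, leaving trailing text outside the string, or never terminates.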

