rubing Posted June 13, 2008 Share Posted June 13, 2008 Do the % and _ wildcard used in mysql LIKE queries need to be escaped?? does addcslashes do this by default? thanks! Link to comment https://forums.phpfreaks.com/topic/110086-escaping-and-_/ Share on other sites More sharing options...
rhodesa Posted June 13, 2008 Share Posted June 13, 2008 they don't need to be escaped unless you don't want them to be wildcards...to escape mysql data use: http://www.php.net/mysql_real_escape_string Link to comment https://forums.phpfreaks.com/topic/110086-escaping-and-_/#findComment-564951 Share on other sites More sharing options...
rubing Posted June 13, 2008 Author Share Posted June 13, 2008 yeah, but addslashes() is faster. http://cognifty.com/index.php/blog.entry/id=6/addslashes_dont_call_it_a_comeback.html Link to comment https://forums.phpfreaks.com/topic/110086-escaping-and-_/#findComment-564972 Share on other sites More sharing options...
rhodesa Posted June 13, 2008 Share Posted June 13, 2008 and how often do you "escape 7 strings 5000 times"? the latency of the HTTP connection to load the page is a bigger time difference... fact of the matter is mysql_real_escape_string PROPERLY escapes mysql strings as that is it's purpose. if you want to use something similar to save a couple hundredths of a second, by all means go for it Link to comment https://forums.phpfreaks.com/topic/110086-escaping-and-_/#findComment-564974 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.