rarebit Posted August 30, 2008 Share Posted August 30, 2008 If you use mysql_real_escape_string, does it use the actual connection, and therefore is it slower than using addslashes? Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/ Share on other sites More sharing options...
DarkWater Posted August 30, 2008 Share Posted August 30, 2008 mysql_real_escape_string() escapes all the necessary characters for using a string in a MySQL query, and is insurmountably (OMG GREAT WORD. +1 FOR DARKWATER) better than addslashes(). Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629428 Share on other sites More sharing options...
kratsg Posted August 30, 2008 Share Posted August 30, 2008 That's not a real word... I think o_o When you connect to a mysql db, that connection will be required in order to use mysql_real_escape_string. It's supercalafrijalisticexpialadociously amazing (+10 for kratsg). You cannot use it alone without having that pre-existing connection on the page. It's not slow in any sense (not unless you use it on an array of 500 million pieces of data, in which case even addslashes would be slow :-P same for htmlentities, striptags, etc..) Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629433 Share on other sites More sharing options...
JasonLewis Posted August 30, 2008 Share Posted August 30, 2008 You do need a MySQL connection present when using it as well. (What kratsg said. ) Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629434 Share on other sites More sharing options...
Fadion Posted August 30, 2008 Share Posted August 30, 2008 The manual states in mysql_real_escape_string() documentation: This function must always (with few exceptions) be used to make data safe before sending a query to MySQL. But it doesnt say this in the addslashes() documentation. So basically you get the answer . +50 for GuiltyGear Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629440 Share on other sites More sharing options...
kratsg Posted August 30, 2008 Share Posted August 30, 2008 The manual states in mysql_real_escape_string() documentation: This function must always (with few exceptions) be used to make data safe before sending a query to MySQL. But it doesnt say this in the addslashes() documentation. So basically you get the answer . +50 for GuiltyGear You only get points for using your own words... So hah! You quoted from php.net.. You get respect, but not points.. :-o Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629448 Share on other sites More sharing options...
DarkWater Posted August 30, 2008 Share Posted August 30, 2008 I get points for using cool words. Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629452 Share on other sites More sharing options...
Fadion Posted August 30, 2008 Share Posted August 30, 2008 Ok i'll stick to my respect points. I'll manage to level it up somehow PS: Aren't we getting a bit off topic lately . I'm leaving anyway, cheers. Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629457 Share on other sites More sharing options...
rarebit Posted August 30, 2008 Author Share Posted August 30, 2008 Guilty Gear An example use of addslashes() is when you're entering data into a database. But, mysql_real_escape_string uses a socket (tcp packetised) and the a binary function, whereas using addslashes just uses a binary function, thats my reasoning anyway. Also mysql_real_escape_string probably uses other functions as well... Bodacious dudes! P.S. 'insurmountably' is a word, also +1 for correct spelling! Link to comment https://forums.phpfreaks.com/topic/121947-best-way-to-escape/#findComment-629459 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.