bolt Posted November 5, 2008

Hello, I have a question about SQL injections. What functions should I use before inserting data into a database or before using variables in an SQL sentence? I know two functions:
- mysql_real_escape_string
- addslashes

What is the difference between these two functions? Which function should I use before inserting data into a database or using variables in an SQL query?

rhodesa Posted November 5, 2008

If you are using a MySQL database, mysql_real_escape_string(). addslashes doesn't properly escape all the characters needed.
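
Added example (not part of the original thread or either poster's code): a comparison of which single bytes addslashes() escapes against the escape table documented for mysql_real_escape_string(). mysql_escape_model() and escaped_bytes() are hypothetical helpers and the sample string is constructed; the real function needs a live MySQL connection and also takes the connection's character set into account, which this model does not.

```php
<?php
// Hypothetical stand-in: applies the escape table documented for MySQL's
// mysql_real_escape_string(). It does NOT model the character-set handling
// that the real, connection-aware function performs.
function mysql_escape_model(string $s): string
{
    return strtr($s, [
        "\0"   => '\\0',   // NUL
        "\n"   => '\\n',   // line feed
        "\r"   => '\\r',   // carriage return
        '\\'   => '\\\\',  // backslash
        "'"    => "\\'",   // single quote
        '"'    => '\\"',   // double quote
        "\x1a" => '\\Z',   // Ctrl-Z
    ]);
}

// List the ASCII bytes (0x00-0x7f) that a given escaping routine changes.
function escaped_bytes(callable $escape): array
{
    $changed = [];
    for ($b = 0; $b < 0x80; $b++) {
        $ch = chr($b);
        if ($escape($ch) !== $ch) {
            $changed[] = sprintf('0x%02x', $b);
        }
    }
    return $changed;
}

$byAddslashes = escaped_bytes('addslashes');
$byMysqlModel = escaped_bytes('mysql_escape_model');

echo 'addslashes escapes:        ', implode(' ', $byAddslashes), "\n";
echo 'MySQL escape table covers: ', implode(' ', $byMysqlModel), "\n";
echo 'only in the MySQL table:   ',
     implode(' ', array_diff($byMysqlModel, $byAddslashes)), "\n";

// Constructed sample value; rawurlencode() is used only to make the
// control bytes visible in the printed result.
$sample = "O'Reilly\r\nnote\x1a";
echo 'addslashes:  ', rawurlencode(addslashes($sample)), "\n";
echo 'MySQL model: ', rawurlencode(mysql_escape_model($sample)), "\n";
```

The mysql_* extension was removed in PHP 7.0; mysqli_real_escape_string() is the connection-based equivalent in the mysqli extension.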