Jump to content



  • Please log in to reply
2 replies to this topic

#1 AncientSage

  • Members
  • PipPipPip
  • Advanced Member
  • 56 posts

Posted 02 August 2006 - 08:16 PM


Quick question, does the mysql_real_escape_string function have the ability to be used for other databases and such? Or perhaps not even a database at all, or is it a MySQL only function?

If not, then I guess I'll be using addslashes, which is an older less recommended function, is it not?


#2 effigy

  • Staff Alumni
  • Advanced Member
  • 3,600 posts
  • LocationIL

Posted 02 August 2006 - 08:33 PM

The manual states:


    The string that is to be escaped.
    The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated.

In other words, it's going to look for a MySQL connection.

You can:

  • Check the manual to see if another database has a similar function; or
  • Recreate the function to be used for that (or any) database, based on the information that the manual provides:

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

Regexp | Unicode Article | Letter Database

#3 tomfmason

  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 02 August 2006 - 09:17 PM

Another way that you can avoid database insertion is using something like
. Just filter your input to see if any of the troublesome keys are present.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users