mysql_real_escape_string

[AncientSage]

Hello,

Quick question, does the mysql_real_escape_string function have the ability to be used for other databases and such? Or perhaps not even a database at all, or is it a MySQL only function?

If not, then I guess I'll be using addslashes, which is an older less recommended function, is it not?

Thanks.

[effigy]

The manual states:

[quote]
Parameters

unescaped_string
    The string that is to be escaped.
link_identifier
    The MySQL connection. [b]If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated.[/b]
[/quote]

In other words, it's going to look for a MySQL connection.

You can:

[list]
[*]Check the manual to see if another database has a similar function; or
[*]Recreate the function to be used for that (or any) database, based on the information that the manual provides:[/list]
[quote]
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
[/quote]

[tomfmason]

Another way that you can avoid database insertion is using something like [code=php:0]preg_match[/code]. Just filter your input to see if any of the troublesome keys are present.