Jump to content


Photo

Which one? str_replace() mysql_real_escape_string()


  • Please log in to reply
1 reply to this topic

#1 SharkBait

SharkBait
  • Members
  • PipPipPip
  • Advanced Member
  • 845 posts
  • LocationMetro Vancouver, BC

Posted 29 August 2006 - 07:00 PM

What is the difference between:

str_replace("'", "\'", $mystring);
and
mysql_real_escape_string($mystring);

??


#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 29 August 2006 - 07:02 PM

mysql_real_escape_sting escapes other characters, such as whitespace, quotes, hex, slashes (\x00, \n, \r, \, ', " and \x1a)

Where as your code just escapes single quotes.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users