Jump to content

real escape string


Ninjakreborn

Recommended Posts

I am writing up a function, I can use on all variables before database entry.
It's definitely going to perform mysql_real_escape_string()
I had a few questions about it first.
I have been using it awhile but never really saw anything beyond what they say on php.net

1. I know it escape's some things but does it escape everything that addslashes does.  Everything?
2. When it comes down to the functionality, is there anything safety related that mysql_real_escape_string doesn't do.  Meaning are there other function's I can run a variable through along with mysql_real_escape_string() to make them even safer?  If so like what?

3. Would mysql_real_escape_string allow html to get put through, the reason I am wondering, is I am going to have 2 functions.  One will just purge anything bad from it, the secnod is also going to strip all xhtml, css, and check for php programming, or javascript.  It's goign to test the variable for a lot, to make sure it's not got anything in it.  I was wondering though does mysql_real_escape_string do this, or wuold I have to do all of that seperate.  Because i wanted my one function to be ran through mysql_real_escape_string and whateverelse you suggets, but I wanted to be able to store xhtml or whatever else in the db
when it come's to another function I would take care of all of that.
Any advice/feedback would be appreciated.
Link to comment
Share on other sites

I was already fully aware of that specific point.  The thing I was wondering, whether someone use's mysql_real_escape_string or addslashes is subject to opinion it seems most of the time.
What I was wondering is, aside from whether you choose
A. mysql_real_escape_string()
B. add_slashes()
is there something else, or some other things you can use along with A or B that can make it even safer? Than just using A or B alone.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.