Asperon Posted September 6, 2007 Share Posted September 6, 2007 I've been reading up on mysql injection and the real escape string, and I don't quite understand the syntax and what exactly it does. and what about stipslashes and magic quotes are those also necessary for security? Link to comment https://forums.phpfreaks.com/topic/68270-solved-mysql_real_escape_string-question/ Share on other sites More sharing options...
pocobueno1388 Posted September 6, 2007 Share Posted September 6, 2007 mysql_real_escape_string() is used to prevent mySQL injection. You should use it on ALL variables before inserting them into the database. Addslashes() basically does the same thing. EXAMPLE USE: $var = mysql_real_escape_string($_POST['var']); You should google it and read more on the topic, their are plenty of articles out there about security. Link to comment https://forums.phpfreaks.com/topic/68270-solved-mysql_real_escape_string-question/#findComment-343255 Share on other sites More sharing options...
effigy Posted September 6, 2007 Share Posted September 6, 2007 From the manual: mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. [Addslashes] [R]eturns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte). mysql_real_escape_string is all you need for MySQL dealings. Link to comment https://forums.phpfreaks.com/topic/68270-solved-mysql_real_escape_string-question/#findComment-343256 Share on other sites More sharing options...
Asperon Posted September 6, 2007 Author Share Posted September 6, 2007 thank you, Link to comment https://forums.phpfreaks.com/topic/68270-solved-mysql_real_escape_string-question/#findComment-343261 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.