rockinaway Posted April 5, 2008

Right I am up on security, but getting confused about what to use where. Can someone please explain the purpose, the use and an example for the following:

- htmlspecialchars
- addslashes
- mysql_real_escape_string

Thanks

Northern Flame Posted April 5, 2008

mysql_real_escape_string() and addslashes() pretty much do the same thing, and that is add a \ before single and double quotes to prevent SQL injection. I recommend using mysql_real_escape_string() before adding anything into your database, and when you want to echo out the data just use stripslashes() to get rid of the \.

Also, I recommend you use htmlentities() if you don't want your users to be able to use HTML in the data they submit.

rockinaway Posted April 5, 2008

So whenever I use mysql_real_escape_string() (which I am using).. I would have to always use stripslashes() to output the data properly?

And htmlentities does more than htmlspecialchars right? So when would I use this? For any form fields that I use coupling it with mysql_real_escape_string? And for outputting what would I do?

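An added example, not part of the thread and not any poster's code, showing which escaping step belongs to which output context. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database with PDO::quote() as a stand-in for a MySQL link and mysql_real_escape_string(), so it runs offline; the table name and sample input are constructed.

```php
<?php
// Added example. Assumption: PDO::quote() on an in-memory SQLite database
// plays the role mysql_real_escape_string() has for a MySQL connection:
// it escapes a value for that driver's SQL parser.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input: contains an SQL quote character and HTML markup.
$input = "It's <b>bold</b> & \"quoted\"";

// 1) SQL context: escape for the database at the moment the query is built.
//    quote() returns the value already wrapped in quotes.
$sqlLiteral = $db->quote($input);
$db->exec("INSERT INTO comments (body) VALUES ($sqlLiteral)");

// 2) Same insert with a bound parameter: no manual escaping at all.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// The escape characters are consumed by the SQL parser, so the stored rows
// hold the original text unchanged and nothing needs stripping on the way out.
$rows = $db->query('SELECT body FROM comments ORDER BY id')
           ->fetchAll(PDO::FETCH_COLUMN);
foreach ($rows as $body) {
    if ($body !== $input) {
        throw new RuntimeException('stored value differs from the input');
    }
}

// 3) HTML context: encode when the value is written into a page.
//    htmlspecialchars() converts & < > " (and ' with ENT_QUOTES);
//    htmlentities() also converts every character that has a named entity.
echo 'HTML-encoded: ', htmlspecialchars($rows[0], ENT_QUOTES, 'UTF-8'), "\n";

// addslashes() knows nothing about the database or its character set; it
// only puts a backslash in front of ' " \ and NUL bytes.
echo 'addslashes:   ', addslashes($input), "\n";

// stripslashes() on a value that was stored correctly removes backslashes
// that legitimately belong to the data (constructed Windows-style path).
$path = 'C:\temp\report.txt';
echo 'stripslashes: ', stripslashes($path), "\n";
```
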
This topic is now archived and is closed to further replies.