
Which should I use?


rockinaway


mysql_real_escape_string() and addslashes() pretty much do the same thing, and that is add a \ before single and double quotes to prevent SQL injection. I recommend using mysql_real_escape_string() before adding anything into your database, and when you want to echo out the data just use stripslashes() to get rid of the \. Also, I recommend you use htmlentities() if you don't want your users to be able to use HTML in the data they submit.


So whenever I use mysql_real_escape_string() (which I am using), I would have to always use stripslashes() to output the data properly?

And htmlentities does more than htmlspecialchars, right? So when would I use this? For any form fields that I use, coupling it with mysql_real_escape_string? And for outputting, what would I do?


Archived

This topic is now archived and is closed to further replies.
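
An added example, not part of the thread, that runs one constructed input through the round trip discussed above: escape for SQL on the way in, read the stored value back, then compare htmlspecialchars() and htmlentities() on the way out. It assumes PHP 7 or later with the pdo_sqlite extension; PDO::quote() on an in-memory SQLite database stands in for mysql_real_escape_string(), which needs a live MySQL connection and was removed in PHP 7.0.

```php
<?php
// Added example. Assumptions: PHP 7+ with pdo_sqlite; PDO::quote() on an
// in-memory SQLite database stands in for mysql_real_escape_string().
// Save this file as UTF-8 so the sample "é" is a multibyte character.

$input = 'O\'Reilly said "café" <b>rocks</b> in C:\\temp';  // constructed sample

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// 1. Escape for the SQL context on the way in. The escaping exists only in
//    the query text; the SQL parser consumes it before the value is stored.
$literal = $db->quote($input);
$db->exec("INSERT INTO comments (body) VALUES ($literal)");
$stored = $db->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// 2. Encode for the HTML context on the way out, not before storing.
$special  = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'); // & < > " '
$entities = htmlentities($stored, ENT_QUOTES, 'UTF-8');     // plus named entities

$checks = [
    // The database returns exactly what was submitted: nothing to strip.
    'stored value equals input'            => $stored === $input,
    // stripslashes() on output would eat the real backslash in C:\temp.
    'stripslashes() would alter the value' => stripslashes($stored) !== $input,
    // Either encoder turns the <b> tag into inert text.
    'both encoders neutralise the markup'  => strpos($special, '<') === false
                                           && strpos($entities, '<') === false,
    // Only htmlentities() rewrites characters that are harmless in HTML.
    'only htmlentities() encodes the é'    => strpos($entities, '&eacute;') !== false
                                           && strpos($special, '&eacute;') === false,
];

foreach ($checks as $label => $ok) {
    printf("%-40s %s\n", $label, $ok ? 'yes' : 'no');
}
echo "SQL literal:      $literal\n";
echo "htmlspecialchars: $special\n";
echo "htmlentities:     $entities\n";
```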
