Hi,

I just finished reading Chris Shiflett's article in this month's php|a
about SQL injection and have a question I can't seem to find answered
anywhere:

Does mysql_real_escape_string (or mysql_escape_string) do anything
extra that addslashes() doesn't? In the examples in the manual it is
just used to escape the ' character, but that is exactly what
addslashes() will do anyway.

Is mysql_real_escape_string tolerant of magic quotes? i.e. will you
end up with double-quoted strings like: "it\\'s a lovely day" if you
call it too many times?

-- 
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
