Johannes Lindenbaum wrote: > Just a question out of pure curiosity. Why would one prefer > using mysql_real_escape_string (I'm using 5.1.6 so > mysql_escape_string is deprecated). and htmlentities instead > of addslashes and stripslashes?
This example might be helpful: http://shiflett.org/archive/184 It highlights the importance of character encoding consistency by demonstrating an SQL injection attack that is immune to addslashes() but not mysql_real_escape_string(). Hope that helps. Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
