Dotan Cohen wrote:
So, actually taking a minute to read up on addcslashes(), it is a rather handy
little function.

Taking the list of characters that mysql_real_escape_string() says it escapes:

Which it lists: \x00, \n, \r, \, ', " and \x1a

\0  = \x0
\10 = \n
\13 = \r
\92 = \
\44 = '
\34 = "
\26 = \x1a

You could do something like this.

function cleaner($input) {
       return addcslashes($input, "\0\10\13\92\44\34\26");

Maybe this will help...


So far as I understand mysql_real_escape_string() was invented because
addslashes() is not adequate.

If you look a little closer, you will see that I am not using addslashes(). Rather, I am using addcslashes(). This allows to specify the characters that I want escaped, instead of the default assumed characters from addslashes().

Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to