addslashes() or mysql_real_escape_string()

  • addslashes() or mysql_real_escape_string()

    I noticed I have a bunch of addslashes() in vBulletin I'm running.

    Are there any threats there of SQL injections? Is mysql_real_escape_string() better to use?

    http://shiflett.org/blog/2006/jan/ad...-escape-string
    - MrLister

  • #2
    You should not use addslashes if you are inserting into a MySQL database. You should always use the native escaping function (mysql_real_escape_string).
    Dean Clatworthy - Web Developer/Designer
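
Added example, not part of any post in this thread: a simplified Python model (not PHP's or MySQL's own code) of why the advice in #2 holds. addslashes() escapes byte by byte without knowing the connection character set, while a charset-aware escaper works on characters. The GBK charset, the sample bytes and the helper names `charset_escape` and `unescaped_quotes` are assumptions constructed for illustration.

```python
"""Simplified model: byte-wise escaping vs. escaping that knows the charset.
Not PHP or MySQL source; GBK and the sample bytes are constructed."""

ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
           "\\": "\\\\", "'": "\\'", '"': '\\"'}

def addslashes(data: bytes) -> bytes:
    """Model of PHP addslashes(): works on single bytes, ignores the charset."""
    out = bytearray()
    for b in data:
        if b == 0:
            out += b"\\0"                 # NUL becomes backslash + '0'
        elif b in b"'\"\\":
            out += b"\\" + bytes([b])     # quote or backslash gets a backslash
        else:
            out.append(b)
    return bytes(out)

def charset_escape(data: bytes, charset: str) -> bytes:
    """Hypothetical charset-aware escaper: validate, then escape per character."""
    try:
        text = data.decode(charset)
    except UnicodeDecodeError as exc:
        raise ValueError("input is not valid in the connection charset") from exc
    return "".join(ESCAPES.get(ch, ch) for ch in text).encode(charset)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes still unescaped once the bytes are read in `charset`."""
    text = escaped.decode(charset)
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                        # a backslash consumes the next character
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

if __name__ == "__main__":
    sample = b"\xbf'"                     # constructed: stray lead byte, then a quote
    for cs in ("latin-1", "gbk"):
        print(cs, "unescaped quotes after addslashes:",
              unescaped_quotes(addslashes(sample), cs))
    try:
        charset_escape(sample, "gbk")
    except ValueError as err:
        print("charset-aware escaper rejected the input:", err)
```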


    • #3
      On a side note, I just noticed real_escape_string existed, I must have a bunch of code around using the old function. Is this function new?
      Radio and TV Player for vBulletin


      • #4
        Originally posted by Dream
        On a side note, I just noticed real_escape_string existed, I must have a bunch of code around using the old function. Is this function new?
        It was added in PHP 4.3.0.
        Ryan Ashbrook - My Blog - My Twitter


        • #5
          Not sure when that was released... never mind, I'll check php.net.
          Radio and TV Player for vBulletin


          • #6
            vBulletin uses addslashes() in the queries. Should I change those to the other one?
            - MrLister


            • #7
              3.5 and up haven't gone *near* addslashes()


              • #8
                Lol, ok I guess that gives away what version I'm using on one of my boards
                - MrLister
