Announcement

Collapse
No announcement yet.

addslashes() or mysql_real_escape_string()

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • mrlister
    replied
    Lol, ok I guess that gives away what version I'm using on one of my boards

    Leave a comment:


  • Mike Sullivan
    replied
    3.5 and up haven't gone *near* addslashes()

    Leave a comment:


  • mrlister
    replied
    vBulletin uses addslashes() in the queries. Should I change those to the other one?

    Leave a comment:


  • Dream
    replied
    Not sure when that was released... nevermind I'll check php.net.

    Leave a comment:


  • Ryan Ashbrook
    replied
    Originally posted by Dream View Post
    On a side note, I just noticed real_escape_string existed, I must have a bunch of code around using the old function. Is this function new?
    It was added in PHP 4.3.0.

    Leave a comment:


  • Dream
    replied
    On a side note, I just noticed real_escape_string existed, I must have a bunch of code around using the old function. Is this function new?

    Leave a comment:


  • Dean C
    replied
    You should not use addslashes if you are inserting into a MySQL database. You should always use the native escaping function (mysql_real_escape_string )

    Leave a comment:


  • mrlister
    started a topic addslashes() or mysql_real_escape_string()

    addslashes() or mysql_real_escape_string()

    I noticed I have a bunch of addslashes() in vBulletin I'm running.

    Are there any threats there of SQL injections? Is mysql_real_escape_string() better to use?

    http://shiflett.org/blog/2006/jan/ad...-escape-string
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X