Announcement

**Dean C** · Sun 27 Jan '08, 10:22pm

You should not use addslashes if you are inserting into a MySQL database. You should always use the native escaping function (mysql_real_escape_string

)

**Dream** · Mon 28 Jan '08, 5:21am

On a side note, I just noticed real_escape_string existed, I must have a bunch of code around using the old function. Is this function new?

**Ryan Ashbrook** · Mon 28 Jan '08, 5:51am

Originally posted by Dream

On a side note, I just noticed real_escape_string existed, I must have a bunch of code around using the old function. Is this function new?

It was added in PHP 4.3.0.

**Dream** · Mon 28 Jan '08, 5:53am

Not sure when that was released... nevermind I'll check php.net.

**mrlister** · Mon 28 Jan '08, 7:53am

vBulletin uses addslashes() in the queries. Should I change those to the other one?

**Mike Sullivan** · Mon 28 Jan '08, 8:03am

3.5 and up haven't gone *near* addslashes()

**mrlister** · Mon 28 Jan '08, 9:43am

Lol, ok I guess that gives away what version I'm using on one of my boards

Announcement

addslashes() or mysql_real_escape_string()

addslashes() or mysql_real_escape_string()

Comment

Comment

Comment

Comment

Comment

Comment

Comment