Chris schrieb:
That part is correct.
You shouldn't need to use addslashes - use mysql_real_escape_string or
mysql_escape_string depending on your (current) php version - they are
both "locale aware" and will escape things for you depending on mysql
server (re: language setup).
Then just use htmlentities to display on the frontend rather than
using stripslashes.
Of course other db's have similar functions, check the manual.
--> Sorry I sent you this email to your personal account, Chris.
Morning,
Just a question out of pure curiosity. Why would one prefer using
mysql_real_escape_string (I'm using 5.1.6 so mysql_escape_string is
deprecated). and htmlentities instead of addslashes and stripslashes?
I'm going to guess the main reason is to stop SQL injections? But
wouldn't add- and stripslashes do the same?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
