addslashes doesn't take encodings into account.
http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
goes into some details.
Karl DeSaulniers wrote:
So what's the difference with that and addslashes() ?
Karl
Sent from losPhone
On Dec 15, 2009, at 3:50 PM, Chris <dmagick@xxxxxxxxx> wrote:
Karl DeSaulniers wrote:
What does this do exactly?
Documentation was a bit fuzzy for me.
Is it needed at all times to protect with?
Per the docs:
prepends backslashes to the following characters: \x00, \n, \r, \, ',
" and \x1a.
So anything that has a null character, a newline (windows/linux/mac),
single and double quotes and \x1a (not sure what that is) is escaped
and ready to be put in a query.
If you don't quote those characters someone could put one of those
characters in a query and cause problems - starting off with an
invalid query but possibly ending up worse.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
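What "doesn't take encodings into account" means at the byte level, as an added Python example that is not part of the thread. `bytewise_escape` is a hypothetical model of addslashes() (not PHP's code), the connection charsets are assumptions, and the sample inputs are constructed; the check decodes the escaped bytes the way a server using that charset would and reports quotes left without a protecting backslash.

```python
# Added example: a model for auditing byte-wise escaping, not PHP or MySQL code.

def bytewise_escape(raw: bytes) -> bytes:
    """Model of addslashes(): escapes ' " \\ and NUL one byte at a time,
    with no knowledge of the character set the bytes are written in."""
    out = bytearray()
    for b in raw:
        if b == 0x00:
            out += b"\\0"                 # NUL becomes backslash + '0'
        elif b in b"'\"\\":
            out += bytes([0x5C, b])       # prepend a backslash (0x5C)
        else:
            out.append(b)
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> list:
    """Decode in the (assumed) connection charset and return the character
    offsets of quotes that are not protected by a backslash."""
    text = escaped.decode(charset, errors="replace")
    hits, i = [], 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                        # backslash protects the next character
            continue
        if text[i] in "'\"":
            hits.append(i)
        i += 1
    return hits


def audit(raw: bytes, charsets=("latin-1", "utf-8", "gbk")) -> dict:
    """Escape byte-wise, then check the result under each charset."""
    escaped = bytewise_escape(raw)
    return {cs: unescaped_quotes(escaped, cs) for cs in charsets}


# Constructed sample inputs: plain ASCII, and a byte >= 0x80 followed by a quote.
SAMPLES = [b"O'Reilly", b"\xbf'"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, bytewise_escape(sample), audit(sample))
```

In the second sample the inserted backslash (0x5C) is read by a GBK decoder as the trail byte of a two-byte character, so the quote that follows is no longer escaped; under latin-1 or UTF-8 the same bytes stay escaped.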