
Mark Kimsal's Blog:
Addslashes() don't call it a comeback
June 12, 2008 @ 13:36:20

As Michael Kimsal points out, there's a new posting on his brother Mark's blog talking about alternatives to addslashes() in your applications.

I've seen a lot of people talking about mysql_real_escape_string() vs addslashes() vs addcslashes(). There seems to be a lot of real confusion about what these functions do (even with the php.net manual around), especially when it comes to character sets. [...] So, I've decided to lay it all out in a few charts so there is no confusion about what each function does and how each can help protect against SQL injection attacks.

He tested each function against criteria such as "escapes with single quotes instead of backslash" and "prevents multi-byte attacks". He also compares the speed and testability of the functions and provides a multi-byte breakdown of how the mysql_real_escape_string function works with different character sets.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework