PHPDeveloper.org: Chris Shiflett's Blog: The addslashes() Versus mysql_real_escape_string() Debate

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Bayser Consulting Seeks Analytical Programmer (Skokie, IL)

Job Posting: Revelation Partners (Recruiter) Seeks Mid-Principal PHP Developer (Boston, MA)

Dave Marshall's Blog: Competition: PHP Job Hunters Handbook up for grabs

Job Posting: LIVESTRONG.com/Demand Media Inc. Seeks Senior PHP Software Developer (Santa Monica, CA)

Job Posting: Children's Hospital Boston Seeks Open Source Web Developer (Boston, MA)

Job Posting: eReleases Seeks Zend/PHP Developer (Baltimore, MD)

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

News Archive

Ken Guest's Blog: PHP for Enterprise/Business Whitepaper

PHPImpact Blog: PHP: Spaghetti alla Bolognese

CSS-Tricks.com: PHP for Beginners: Building Your First Simple CMS

IBuildings Blog: Book Review: TYPO3 Extension Development

Job Posting: Bayser Consulting Seeks Analytical Programmer (Skokie, IL)

Vinu Thomas' Blog: PHP functions in Javascript using PHP.JS

Job Posting: Revelation Partners (Recruiter) Seeks Mid-Principal PHP Developer (Boston, MA)

Community News: php|architect Free Webcast Series

Site News: Popular Posts for the Week of 01.09.2009

ElePHPant World Tour: The Elephpant World Tour 2008 is done!

Chris Shiflett's Blog:
The addslashes() Versus mysql_real_escape_string() Debate

by Chris Cornutt January 23, 2006 @ 06:46:32

In his latest blog entry, Chris Shiflett looks at a debate that's been going for a while now - addslashes() versus mysql_real_escape_string().

Last month, I discussed Google's XSS Vulnerability and provided an example that demonstrates it. I was hoping to highlight why character encoding consistency is important, but apparently the addslashes() versus mysql_real_escape_string() debate continues. Demonstrating Google's XSS vulnerability was pretty easy. Demonstrating an SQL injection attack that is immune to addslashes() is a bit more involved, but still pretty straightforward.

The reminder of the post explains the difference, how how protects you when the other doesn't (addslashes), and a simple example of how something like that could be accomplished, including code...

0 comments voice your opinion now!
php addslashes mysql_real_escape_string debate protect sql injection php addslashes mysql_real_escape_string debate protect sql injection

Similar Posts

PHPBuilder.com: Bambalam PHP EXE Compiler Now Available

Vinu Thomas' Blog: Securimage Captcha for PHP

Scott Mattocks\' Blog: PHP-GTK News #11

Chris Shiflett\'s Blog: PHP Testing Tutorial at ApacheCon

PHPBuilder.com: Using XML - A PHP Developer\'s Primer (Part 4) - XML-RPC, PHP and Javascript

Community Events

Don't see your event here?
Let us know!

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework