
Ivo Jansch's Blog:
Don’t use addslashes for database escapes
Dec 03, 2007 @ 15:27:00

Ivo Jansch has a reminder for developers when they're putting user data into their databases - don't use addslashes.

[Addslashes] is not the best way to escape data. The most important reason is security. addslashes can lure you into a false sense of security. As Chris Shiflett points out, there are situations that addslashes doesn't escape. Use mysql_real_escape_string instead.

Ivo also talks about the advantages of using the right function and suggests an even more secure approach: PDO.
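The case Chris Shiflett describes involves multi-byte character sets: addslashes works byte by byte and knows nothing about the encoding the database connection uses. The sketch below is an added example, not code from either blog post; it assumes PHP 7.4+ with the mbstring and pdo_sqlite extensions, and the helper name, table name and sample bytes are constructed for illustration.

```php
<?php
// Hypothetical helper: walk the string character by character in the given
// charset and report whether any single quote is left without a backslash.
function hasUnescapedQuote(string $s, string $charset): bool
{
    $escapeNext = false;
    foreach (mb_str_split($s, 1, $charset) as $c) {
        if ($escapeNext) { $escapeNext = false; continue; }
        if ($c === '\\') { $escapeNext = true; continue; }
        if ($c === "'")  { return true; }
    }
    return false;
}

// Constructed sample input: byte 0xBF followed by a single quote (0x27).
$input = "\xbf\x27";

// addslashes() inserts a backslash byte (0x5C) in front of the quote.
$escaped = addslashes($input);
echo bin2hex($escaped), "\n";

// Read as single-byte text the quote is escaped. Read as GBK (CP936),
// 0xBF 0x5C forms one valid two-byte character and the quote is bare again.
var_dump(hasUnescapedQuote($escaped, 'ISO-8859-1'));
var_dump(hasUnescapedQuote($escaped, 'CP936'));

// PDO prepared statement: the value travels as a bound parameter and is
// never spliced into the SQL text, so no escaping function is involved.
// In-memory SQLite keeps the example offline; with MySQL, also set the
// charset in the DSN and turn off PDO::ATTR_EMULATE_PREPARES.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name BLOB)');

$stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->bindValue(':name', $input, PDO::PARAM_LOB);
$stmt->execute();

// The stored bytes are compared with the original input.
$stored = $pdo->query('SELECT name FROM users')->fetchColumn();
var_dump($stored === $input);
```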

tagged: addslashes mysqlrealescapestring user input pdo