
Ivo Jansch's Blog:
Don't use addslashes for database escapes
December 03, 2007 @ 15:27:00

Ivo Jansch has a reminder for developers when they're putting user data into their databases - don't use addslashes.

[Addslashes] is not the best way to escape data. The most important reason is security. addslashes can lure you into a false sense of security. As Chris Shiflett points out, there are situations that addslashes doesn't escape. Use mysql_real_escape_string instead.

Ivo also talks about the advantages of using the right function and suggests an even more secure option: PDO.
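An added example (not code from Ivo Jansch's post or from this site) contrasting addslashes() with a PDO prepared statement. It assumes the pdo_sqlite extension; the `users` table and the sample name are constructed for illustration, and SQLite is chosen because it runs in memory and does not treat a backslash as an escape character.

```php
<?php
// Added example: in-memory SQLite through PDO (assumes pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input: an ordinary surname containing a single quote.
$name = "O'Brien";

// 1) addslashes() plus string concatenation.
// addslashes() always emits backslash escapes and knows nothing about the
// database or connection it is feeding. SQLite escapes a quote by doubling
// it (''), so the backslash is plain data and the quote still ends the string.
$sql = "INSERT INTO users (name) VALUES ('" . addslashes($name) . "')";
try {
    $pdo->exec($sql);
    echo "addslashes: inserted\n";
} catch (PDOException $e) {
    echo "addslashes: statement rejected: ", $e->getMessage(), "\n";
}

// 2) PDO prepared statement.
// The SQL text is fixed; the value is bound as a parameter and never
// becomes part of the statement, so no escaping function is involved.
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute([':name' => $name]);

// Read the row back with a bound parameter and confirm the value
// was stored unchanged.
$select = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$select->execute([':name' => $name]);
var_dump($select->fetchColumn() === $name);
```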


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework