mysql_real_escape_string() vs addslashes()

(pgs. 124-125)

When describing the function mysql_real_escape_string(), the following note was included:

Note: Performs the same functionality as addslashes().

While they are practically identical in their behavior, this is an oversimplification of the extra strength of mysql_real_escape_string(). At this point, I will pass on the following blog post that provides some extra insight into the comparison of the two variables:addslashes() Versus mysql_real_escape_string() by Chris Shiflett. I was not previously aware of this difference and security loophole.

Similar Posts: