Ivo Jansch's Blog:
Don't use addslashes for database escapes
December 03, 2007 @ 15:27:00

Ivo Jansch has a reminder for developers who are putting user data into their databases: don't use addslashes.

[Addslashes] is not the best way to escape data. The most important reason is security. addslashes can lure you into a false sense of security. As Chris Shiflett points out, there are situations that addslashes doesn't escape. Use mysql_real_escape_string instead.

Ivo also talks about the advantages of using the right function and suggests another, even more secure way: PDO.
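
The contrast described above, as an added example that is not code from Ivo Jansch's post or from PHPDeveloper.org: the same lookup built with addslashes and with a PDO prepared statement. It assumes an in-memory SQLite database (so it runs offline) and a constructed users table; the function names are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes the pdo_sqlite
// extension; the table, rows and input below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('Alice'), ('O''Brien')");

// Weak: addslashes() knows nothing about the database it is escaping for
// (its quoting rules, its connection character set).
function find_by_name_addslashes(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . addslashes($name) . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Preferred: the value is bound as a parameter and never becomes SQL text.
function find_by_name_prepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed, legitimate input that contains a quote

try {
    find_by_name_addslashes($pdo, $input);
    echo "addslashes: query ran\n";
} catch (PDOException $e) {
    // SQLite escapes a quote by doubling it, not with a backslash, so the
    // \' produced by addslashes() ends the string early and the statement
    // no longer parses.
    echo "addslashes: query failed: ", $e->getMessage(), "\n";
}

$rows = find_by_name_prepared($pdo, $input);
echo "prepared: found ", count($rows), " row(s)\n";
```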


All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework