What is the difference between PHP addlashes and mysql (i) _escape_string?

Question

What is the difference between PHP addlashes and mysql (i) _escape_string?

Possible duplicate:
mysql_real_escape_string VS addlashes

If they do not do the same, what's the difference? The value separator inside a MySQL query is this ', isn't it? Or maybe ", but it also slipped away with the help of addlashes.

In other database machines, I understand (and specifically inside db covers like PDO), but why are so many people so fond of using mysql (i) _escape_string instead of addlashes?

+5

security php mysql mysql-real-escape-string addslashes

Rudie Dec 20 '10 at 0:36

source share

4 answers

, SQL addslashes() , mysql_real_escape_string() - .

? SQL- MySQL, . addslashes(), , . , , - 0xbf27, addslashes() 0xbf5c27, , . , , . , 0xbf5c , . , .
....
addslashes(), , . SQL-.
, mysql_real_escape_string(), .

, , , , . , . , SQL- (, MS SQL) . - , .

+5

Pekka 웃 20 . '10 0:39

, , , SQL .

. http://bobby-tables.com/php.html, .

+1

Andy Lester 20 . '10 1:01

. , addslashes() , SQL, ASCII. UTF-8, MySQL , UCS2 (UTF-16) GB/Big5. , ascii ' \'. MySQL SQL-. MySQL.

0

mario 20 . '10 0:57

Jon · Accepted Answer · 2010-12-20T00:51:33+0000

: mysql_escape_string, ( - )!

, mysql ( ), mysql_real_escape_string. mysqli, .

, , mysql_real_escape_string addslashes:

# 1

addslashes MySql. , , , , MySql, , ', ", \ \x00. , ', ", \ \x00, , 8- UTF-8. , , MySql, .

, iconv, UTF-16, addslashes. , .

, addslashes .

# 2

addslashes, mysql_real_escape_string \r, \n \x1a. , MySql,

, addslashes .

What is the difference between PHP addlashes and mysql (i) _escape_string?

More articles: