From: Karl DeSaulniers on
Hello,
When I add an item to my database and I use addslashes(),
do I have to use addslashes() to a query that looks for that item?
Or would I be adding double slashes and canceling my own result?
TIA

Karl DeSaulniers
Design Drumm
http://designdrumm.com

From: "Daevid Vincent" on
You should be using
http://us2.php.net/manual/en/function.mysql-escape-string.php

You don't need to search with extra slashes for retrieval.

> -----Original Message-----
> From: Karl DeSaulniers [mailto:karl(a)designdrumm.com]
> Sent: Thursday, August 19, 2010 2:29 PM
> To: php-db(a)lists.php.net
> Subject: [PHP-DB] Slashes or no slashes
>
> Hello,
> When I add an item to my database and I use addslashes(),
> do I have to use addslashes() to a query that looks for that item?
> Or would I be adding double slashes and canceling my own result?
> TIA
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>
>

From: Karl DeSaulniers on

On Aug 19, 2010, at 4:36 PM, Daevid Vincent wrote:

> You should be using
> http://us2.php.net/manual/en/function.mysql-escape-string.php
>
> You don't need to search with extra slashes for retrieval.
>
>> -----Original Message-----
>> From: Karl DeSaulniers [mailto:karl(a)designdrumm.com]
>> Sent: Thursday, August 19, 2010 2:29 PM
>> To: php-db(a)lists.php.net
>> Subject: [PHP-DB] Slashes or no slashes
>>
>> Hello,
>> When I add an item to my database and I use addslashes(),
>> do I have to use addslashes() to a query that looks for that item?
>> Or would I be adding double slashes and canceling my own result?
>> TIA
>>
>> Karl DeSaulniers
>> Design Drumm
>> http://designdrumm.com
>>
>>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


Thanks for the response Daevid.
So, I don't need to use addslashes() at all?
Instead use mysql-escape-string() on INSERT statements, UPDATE
statements, SELECT statements, etc?
Best,

Karl DeSaulniers
Design Drumm
http://designdrumm.com

From: Karl DeSaulniers on
On Aug 19, 2010, at 4:36 PM, Daevid Vincent wrote:

> You should be using
> http://us2.php.net/manual/en/function.mysql-escape-string.php
>
> You don't need to search with extra slashes for retrieval.
>
>> -----Original Message-----
>> From: Karl DeSaulniers [mailto:karl(a)designdrumm.com]
>> Sent: Thursday, August 19, 2010 2:29 PM
>> To: php-db(a)lists.php.net
>> Subject: [PHP-DB] Slashes or no slashes
>>
>> Hello,
>> When I add an item to my database and I use addslashes(),
>> do I have to use addslashes() to a query that looks for that item?
>> Or would I be adding double slashes and canceling my own result?
>> TIA
>>
>> Karl DeSaulniers
>> Design Drumm
>> http://designdrumm.com
>>
>>
>
>


Ah, but let's say I am using a character set utf-8, I should use
mysql_real_escape_string() instead?
Best,

Karl DeSaulniers
Design Drumm
http://designdrumm.com

From: Karl DeSaulniers on

On Aug 19, 2010, at 4:44 PM, Karl DeSaulniers wrote:

> On Aug 19, 2010, at 4:36 PM, Daevid Vincent wrote:
>
>> You should be using
>> http://us2.php.net/manual/en/function.mysql-escape-string.php
>>
>> You don't need to search with extra slashes for retrieval.
>>
>>> -----Original Message-----
>>> From: Karl DeSaulniers [mailto:karl(a)designdrumm.com]
>>> Sent: Thursday, August 19, 2010 2:29 PM
>>> To: php-db(a)lists.php.net
>>> Subject: [PHP-DB] Slashes or no slashes
>>>
>>> Hello,
>>> When I add an item to my database and I use addslashes(),
>>> do I have to use addslashes() to a query that looks for that item?
>>> Or would I be adding double slashes and canceling my own result?
>>> TIA
>>>
>>> Karl DeSaulniers
>>> Design Drumm
>>> http://designdrumm.com
>>>
>>>
>>
>>
>
>
> Ah, but let's say I am using a character set utf-8, I should use
> mysql_real_escape_string() instead?
> Best,
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>
>


For a line like this..

return htmlspecialchars(stripslashes($this->values[$field]));

would I change this to?

return mysql_real_escape_string($this->values[$field]);

Or do I still need the htmlspecialchars? In that case would I change
it to?

return htmlspecialchars(mysql_real_escape_string($this->values[$field]));

TIA

Karl DeSaulniers
Design Drumm
http://designdrumm.com
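
The questions in this thread come down to encoding a value for the context it is entering: SQL on the way into the database, HTML on the way out to the page. The following is an added example, not code from the thread; it uses PDO bound parameters in place of the mysql_* escaping functions discussed, and the in-memory SQLite database, the `items` table, the `countByName()` helper and the sample value are all constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver is available;
// the table, helper and sample value below are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed input containing a quote (SQL-significant) and markup (HTML-significant).
$raw = "O'Reilly <b>Books</b>";

// Write path: the value travels as a bound parameter, so it is never parsed
// as SQL and needs no addslashes() or escape call.
$insert = $pdo->prepare('INSERT INTO items (name) VALUES (:name)');
$insert->execute([':name' => $raw]);

// What the database holds is the raw value: no slashes are stored.
$stored = $pdo->query('SELECT name FROM items')->fetchColumn();

// Hypothetical helper: count rows whose name equals the bound value.
function countByName(PDO $pdo, string $name): int
{
    $select = $pdo->prepare('SELECT COUNT(*) FROM items WHERE name = :name');
    $select->execute([':name' => $name]);
    return (int) $select->fetchColumn();
}

// Read path: search with the same raw value. Pre-escaping a bound value
// changes the bytes being compared, so the second lookup misses the row.
$hitsRaw     = countByName($pdo, $raw);
$hitsSlashed = countByName($pdo, addslashes($raw));

// Output path: HTML-encode only at the moment the value is written into a
// page. SQL escaping has no role here, and stripslashes() is unnecessary
// because no slashes were ever stored.
$html = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');

var_dump($stored === $raw);  // stored value compared with the original input
var_dump($hitsRaw, $hitsSlashed);
echo $html, PHP_EOL;
```

When SQL is built by string concatenation instead, as in the thread, the escaping function is applied to every value placed into any statement (INSERT, UPDATE or SELECT), and the server's parser consumes the escapes, so the stored data is still the raw value.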
