What is the best option to escape a string before inserting it into the database: addslashes() or mysql_real_escape_string()?


Viewed 159 times

4

I am developing a project that involves passwords, among other important information, that I need to insert into the MySQL database.

My question is which option I should use to escape this data against SQL injection. I am currently using a regular expression that removes unwanted characters. I am using PDO.

  • To enter data into the database, use mysql_real_escape_string; then, if possible, explain better why. Also take the opportunity to read this: Why not use mysql_* functions

1 answer

2

  • I was reading a little about addslashes and I was in doubt because there was an article that explained that this method was not safe. Hence my doubt.

  • Using addslashes is almost the same as forcing the use of quotes in PDO; this is kind of the idea.
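
For the PDO setup mentioned in the question, bound parameters take the place of string escaping. The following is an added example, not code from this thread: the table, column and function names are assumptions, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed demo database. For MySQL the DSN would have the form
// 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' (HOST and DBNAME are placeholders).
function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
    return $pdo;
}

// Hypothetical helper: the values travel as bound parameters, never as SQL text,
// so no addslashes(), regex filtering or manual quoting is involved.
function insertUser(PDO $pdo, string $email, string $password): int
{
    $stmt = $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([
        ':email' => $email,
        // Passwords are stored as a hash, not as the submitted string.
        ':hash'  => password_hash($password, PASSWORD_DEFAULT),
    ]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: lookup by e-mail, again with a bound parameter.
function findUser(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = connect();

// Constructed inputs containing the characters that escaping functions target.
$email    = "o'brien@example.test";
$password = "p\\a'ss\"word; -- ";

insertUser($pdo, $email, $password);
$row = findUser($pdo, $email);

// The e-mail comes back unchanged and the password verifies against its hash.
var_dump($row['email'] === $email);
var_dump(password_verify($password, $row['password_hash']));

// A value containing quotes is compared as data, not parsed as SQL.
var_dump(findUser($pdo, "' OR '1'='1"));
```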
