Why use mysql_real_escape_string, doesn't addslashes prevent everything?

Posted by Webnet on Stack Overflow See other posts from Stack Overflow or by Webnet
Published on 2010-03-29T18:51:07Z Indexed on 2010/03/29 18:53 UTC
Read the original article Hit count: 202

Filed under:

I was looking through the docs and stumbled onto mysql_real_escape_string() and I'm not understanding why it's useful when you can just addslashes(). Can someone show me a scenario as to why it's useful?

I'm also curious why it requires a database connection.... that seems like a lot of overhead.

© Stack Overflow or respective owner

Related posts about mysql