Doc Bug #52901 addslashes for database queries
Submitted: 2010-09-21 16:57 UTC
Modified: 2010-09-22 09:58 UTC
From: johnston dot joshua at gmail dot com
Assigned:
Status: Wont fix
Package: Documentation problem
PHP Version: Irrelevant
OS: ALL
Private report: No
CVE-ID: None

 [2010-09-21 16:57 UTC] johnston dot joshua at gmail dot com
Description:
------------
Please remove the cruft about using addslashes to escape data for database queries. It gives people the wrong idea.

I know it says use mysql_real_escape_string right after it, but even the suggestion of using addslashes gives new people the wrong idea. Tell them it's great for escaping strings for use in JavaScript or something. Please!


 [2010-09-21 17:00 UTC] philip@php.net
-Status: Open +Status: Feedback
 [2010-09-21 17:00 UTC] philip@php.net
Where do you see this?
 [2010-09-21 17:10 UTC] johnston dot joshua at gmail dot com
-Status: Feedback +Status: Open
 [2010-09-21 17:10 UTC] johnston dot joshua at gmail dot com
http://php.net/addslashes

Under Desc the first two sentences are:

Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it.
 [2010-09-22 09:58 UTC] aharvey@php.net
-Status: Open +Status: Wont fix
 [2010-09-22 09:58 UTC] aharvey@php.net
I'd say the text there is already correct: it says to use the DBMS-specific escaping function if there is one, but there are database extensions without escaping functions, in which case addslashes() is the correct function to use.
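
The difference between addslashes() and DBMS-specific escaping discussed in this report, shown as an added example that is not part of the original thread or the PHP manual. It assumes the pdo_sqlite extension is loaded; the `authors` table and its column are constructed for illustration.

```php
<?php
// Added example, not code from the bug report or the PHP manual.
// Assumption: pdo_sqlite is available. Table/column names are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (name TEXT)');

$name = "O'reilly"; // the value used in the addslashes() manual text

// 1. addslashes(): puts a backslash before ', ", \ and NUL, whatever the DBMS.
$escaped = addslashes($name);
echo "addslashes():  $escaped\n";

try {
    // SQLite uses the SQL-standard rule: a quote inside a literal is doubled,
    // and a backslash is an ordinary character. The literal therefore ends
    // right after the backslash and the rest of the value is parsed as SQL.
    $pdo->exec("INSERT INTO authors (name) VALUES ('$escaped')");
    echo "addslashes() insert: accepted\n";
} catch (PDOException $e) {
    echo "addslashes() insert: rejected: " . $e->getMessage() . "\n";
}

// 2. The driver's own quoting applies the rule this DBMS actually uses.
$quoted = $pdo->quote($name);
echo "PDO::quote():  $quoted\n";
$pdo->exec("INSERT INTO authors (name) VALUES ($quoted)");

// 3. A bound parameter keeps the value out of the SQL text entirely.
$stmt = $pdo->prepare('INSERT INTO authors (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Rows written by steps 2 and 3 hold the original, unmodified string.
foreach ($pdo->query('SELECT name FROM authors') as $row) {
    echo "stored: {$row['name']}\n";
}
```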
 
Last updated: Thu Apr 18 09:01:27 2024 UTC