Re: FN-FORUM: mysql question - large text file [OT]
date posted 7th January 2004 15:44
> Looking at the manual pages, for addslashes() it specifically
> mentions entering strings into a database, and for the other
> one it talks about using a string in a query. But it's not 100%
> clear what the difference is. Care to Clue me up?
I don't know - I suspect we've always used it for the same reason you've
always used addslashes().
There was a point where we decided that we'd always turn off magic_quotes
and never add or strip anything from data, apart from protecting the INSERT
and UPDATE statements themselves as that seemed like it made sense and would
work for us.
I was just curious about whether I'd overlooked something.
From the 'take with a pinch of salt' user comments in the PHP manual:
I've found that when trying to store binary data in a BLOB field, that you
must do a mysql_escape_string. I'm not sure why, but with
addslashes/stripslashes, the integrity of the data gets messed with, and the
binary data comes out of the database different than when it went in
and
Since PHP 4.3.0 it seems that mysql_escape_string() is deprecated.
Probably you should use mysql_real_escape_string() instead of it.
Andy
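
The difference asked about in this thread, as an added example that is not part of the original post: it runs PHP's real addslashes() and stripslashes() against a constructed binary sample and compares them with the escape set documented for mysql_real_escape_string(). The helpers mysql_style_escape() and mysql_literal_decode() are hypothetical stand-ins written for this example so that it runs without a database connection.

```php
<?php
// Hypothetical helper: the escape set documented for mysql_real_escape_string()
// (NUL, LF, CR, backslash, quotes, Ctrl-Z), re-implemented without a
// connection, so unlike the real function it ignores the connection charset.
function mysql_style_escape(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\x1a" => '\\Z',
        '\\' => '\\\\', "'" => "\\'", '"' => '\\"',
    ]);
}

// Hypothetical helper: undo backslash escapes the way the MySQL parser does
// when it reads a quoted string literal.
function mysql_literal_decode(string $s): string
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t",
            'b' => "\x08", 'Z' => "\x1a", '%' => '\\%', '_' => '\\_'];
    $out = '';
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        if ($s[$i] === '\\' && $i + 1 < $n) {
            $c = $s[++$i];
            $out .= $map[$c] ?? $c;   // unknown escapes decode to the bare character
        } else {
            $out .= $s[$i];
        }
    }
    return $out;
}

// Constructed sample: NUL, 0x01, both quotes, a backslash, LF, CR, Ctrl-Z, text.
$blob = "\x00\x01'\"\\\n\r\x1aPNG";

foreach (['addslashes', 'mysql_style_escape'] as $escape) {
    $sqlText = $escape($blob);                 // what goes between the quotes
    $stored  = mysql_literal_decode($sqlText); // what the column ends up holding
    $rawCtl  = strpbrk($sqlText, "\n\r\x1a") !== false;
    printf("%-18s sql=%s\n", $escape, bin2hex($sqlText));
    printf("  LF/CR/Ctrl-Z left unescaped in the statement: %s\n", $rawCtl ? 'yes' : 'no');
    printf("  stored bytes equal the original: %s\n", $stored === $blob ? 'yes' : 'no');
    // Stripping again on the way out alters data MySQL has already unescaped.
    printf("  unchanged after stripslashes() on read: %s\n",
        stripslashes($stored) === $blob ? 'yes' : 'no');
}
```

Both escapers store the sample intact; they differ in which control bytes reach the statement unescaped, and a stripslashes() call on the value read back changes it in either case.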