What is the difference between addslashes() and mysql_real_escape_string() when sanitizing user input for database insertion in PHP?

When sanitizing user input for database insertion in PHP, it is important to prevent SQL injection attacks by escaping special characters. The addslashes() function escapes characters like quotes, backslashes, and null bytes, but it may not be sufficient to protect against all forms of SQL injection. On the other hand, mysql_real_escape_string() is specifically designed for escaping strings to be used in MySQL queries, providing more robust protection against SQL injection attacks.

// Using mysql_real_escape_string() to sanitize user input for database insertion
$input = $_POST[&#039;user_input&#039;];
$escaped_input = mysql_real_escape_string($input);

// Insert escaped input into database
$query = &quot;INSERT INTO table_name (column_name) VALUES (&#039;$escaped_input&#039;)&quot;;
$result = mysql_query($query);

Keywords

addslashes mysql_real_escape_string user input database insertion PHP

What is the difference between addslashes() and mysql_real_escape_string() when sanitizing user input for database insertion in PHP?

Keywords

Related Questions