Hello there, pls i need to know the differences between the followings and if they can be used interchangeably. addslashes stripslashes mysql_real_escape_string mysql_escape_string I have read many articles on the above that are complicating. One of them says you use addslashes to insert into database and stripslashes to retrieve from database. But whenever i use addslashes for my form, after submiting the form, any text that has special characters like ' or " will display 3 backslashes before the character. if i use mysql_real_escape_string or mysql_escape_string, the form will return \r\n in place of the character. but if i use stripslashes it will return every special character the normal way without any problem. so which is the best?
Obviously as the names suggest the last 2 are the most fit for inserting data into the database. from these 2 mysql_real_escape_string is the better one since according to the PHP manual "mysql_escape_string() does not escape % and _" and "has been DEPRECATED as of PHP 5.3.0." with a note saying "relying on this feature is highly discouraged". As far as I know the best option for MySQL however is MySQLi_STMT about which you can read more on php.net. the following page has an example: http://php.net/manual/en/mysqli-stmt.bind-param.php
@ Sephr - Your pic just screams awesomeness! And great explanation, even I learned a little something on this post. I wasn't aware of that they depreciated it as of 5.3, I gotta jump back into some old code. UGH!