add addslashes before inserting user inputs in to database
by rajesh[ Edit ] 2009-10-29 10:00:21
I would recommend addslashes() be used in every place where you get an input via get or post and add it in to database.
Everyone who have worked with inserting user input in to database would have faced the issue when users input has single quote ('), double quote ("), backslash (\) etc..
To resolve the issue just call the function addslases() on the variable.
Example Code:
<php
$value = $_GET['userinput'];
$result = addslashes($value);
?>
What it does:
Returns a string with backslashes before characters that need to be quoted in database queries
Example Code:
<php
$value = "it's test";
$result = addslashes($value);
print "before addslashes() -".$value;
print "after addslashes() -".$result;
?>
Output of the above code:
before addslashes() - it's test
after addslashes() - it\'s test
