[nassau]

i don't know how to phrase my question really but here goes...

is it ok to have a value in mysql exactly like this

Code:

\bla'

or should it be

Code:

\\bla\'

what i wonder is if only the query needs to be addslashed or if the ectual entry also needs to be stored addslashed in the database.



thanks

[pmazer]

I don't really know what you mean. Do you mean that you want to do a MySQL query in PHP since that's what all your questions have been about? A query that looks like:

Code:

"SELECT * FROM table;"

should suffice. Getting more specific:

Code:

"SELECT * FROM table WHERE field = 'value';"

should also suffice.

[nassau]

i know how to make queries thank you.

the question is; should i keep stored values addslashed in the database?

[Gargoyle]

I think your missing the point of addslashes! Addslashes is there to protect the database and/or the sql from getting messed up by having certian characters. The values in your database SHOULD NOT have slashes, 'cos then you are not storing the correct data!

Just to really throw a spanner in the works, you should be using mysql_real_escape_string!

[nassau]

so, let's assume someone wants to store the following in mysql

Code:

i'm the best

is it then good practice to store that in mysql as

Code:

i\'m the best

and btw, what is the real difference between mysql_real_escape_string and addslashes? they both appear to do the same thing.

[spotcatbug]

You store in your Db:

Code:

I'm the best

and you use in your queries:

Code:

I\'m the best

[nassau]

ok, thanks

[rollercoaster375]

mysql_real_escape_string() is prefered to addslashes(). If there's an issue with MySQL specifically, addslashes won't deal with it.

Same goes for other escaping functions - always use the closest provided one.

[nassau]

makes sense, thanks