I need to insert a string into my database; this string may contain this character: '. I wasn't able to insert it until I used the addslashes() function; however, when trying to display the string manipulated with addslashes() later to the user, it appears with the slash.
$this->adresse = addslashes($this->adresse); // example: L'Arc
When trying to display it later I got: L\'Arc
For inserting into the database I use PDO like this:
$req=$bdd->prepare('Insert into ...
Can you please help me? I want to prevent this character ' from breaking the query, but on the other hand I don't want the \ to be shown with the string.
addslashes shouldn't be necessary and shouldn't be used when interacting with a database. Preferred over addslashes is whatever quote function the DB driver provides. Preferred over quote functions are prepared statement parameters, which will prevent injection attacks. Moreover, you can't forget parameters, while you can forget to quote. For example:

Not that casting an object to an array and passing that to execute is appropriate for your DAL.
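As an added example (not code from the question or the answer), here is the prepared-statement approach the answer recommends, run against an in-memory SQLite database so it works offline; the table and column names (artistes, adresse) and the two helper functions are assumptions, not from the original post.

```php
<?php
// Added example: store and read back a value containing an apostrophe with PDO
// prepared statements, without addslashes(). Table/column names are assumed.

$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Use the driver's real prepared statements rather than client-side emulation.
$bdd->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$bdd->exec('CREATE TABLE artistes (id INTEGER PRIMARY KEY, adresse TEXT NOT NULL)');

/**
 * Insert the value exactly as given. The apostrophe in "L'Arc" travels as a
 * bound parameter, separate from the SQL text, so it can neither terminate
 * the string literal in the query nor be stored with an escaping backslash.
 */
function insererAdresse(PDO $bdd, string $adresse): int
{
    $req = $bdd->prepare('INSERT INTO artistes (adresse) VALUES (:adresse)');
    $req->bindValue(':adresse', $adresse, PDO::PARAM_STR);
    $req->execute();
    return (int) $bdd->lastInsertId();
}

/** Read a row back; the value comes out exactly as it was bound on insert. */
function lireAdresse(PDO $bdd, int $id): ?string
{
    $req = $bdd->prepare('SELECT adresse FROM artistes WHERE id = :id');
    $req->execute([':id' => $id]);
    $adresse = $req->fetchColumn();
    return $adresse === false ? null : $adresse;
}

// Correct approach: the raw value goes in and comes back unchanged.
$id = insererAdresse($bdd, "L'Arc");
echo lireAdresse($bdd, $id), PHP_EOL;

// The question's approach for comparison: addslashes() is applied before the
// parameter is bound, so the backslash becomes part of the stored data and
// therefore reappears every time the value is displayed.
$idSlashed = insererAdresse($bdd, addslashes("L'Arc"));
echo lireAdresse($bdd, $idSlashed), PHP_EOL;
```

Whether the value is displayed in HTML afterwards is a separate concern; escape it for that context (htmlspecialchars) at output time, not before storing it.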