Home/ Questions/Q 43571
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T15:30:58+00:00

mysql_real_escape_string and addslashes are both used to escape data before the database query, so

  • 0

mysql_real_escape_string and addslashes are both used to escape data before the database query, so what’s the difference? (This question is not about parametrized queries/PDO/mysqli)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )
    mysql_real_escape_string() calls MySQL’s library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ‘, ‘ and \x1a.

    string addslashes ( string $str )
    Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote (‘), double quote (‘), backslash (\) and NUL (the NULL byte).

    They affect different characters. mysql_real_escape_string is specific to MySQL. Addslashes is just a general function which may apply to other things as well as MySQL.

    • 0