Sign Up

Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.

Sign In

Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

Search

Ask A Question

0

Editorial Team

Asked: May 15, 20262026-05-15T08:27:54+00:00 2026-05-15T08:27:54+00:00

Will it be better if i add to mysql_real_escape_string also addslashes like that: $username

0

Will it be better if i add to mysql_real_escape_string also addslashes like that:

$username = mysql_real_escape_string(trim(addslashes($_POST['username'])));

And is there any need in this in password var:

$password = md5(mysql_real_escape_string(trim($_POST['password'])));

Also i read some topics about safe retrieving data from db…
it says that it would be better to retrieve data like that:

htmlentities(stripslashes($v))

Is it really necessary for safety?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team
2026-05-15T08:27:55+00:00Added an answer on May 15, 2026 at 8:27 am
No, don’t use addslashes. It does not make the string more secure or better in any way, but adds complexity.

Escape the string you want to store in the database. So instead of md5(mysql_real_escape_string($password)), do mysql_real_escape_string(md5($password)).

Think about allowing spaces at the start and end of passwords, thus not trimming them.

Use a salt when storing a password, for securities sake.
0

Reply

Share
Share

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on WhatsApp

Report