add addslashes before inserting user inputs in to database

by rajesh 2009-10-29 10:00:21

I would recommend addslashes() be used in every place where you get an input via get or post and add it in to database.

Everyone who have worked with inserting user input in to database would have faced the issue when users input has single quote ('), double quote ("), backslash (\) etc..

To resolve the issue just call the function addslases() on the variable.

Example Code:
<php
$value = $_GET['userinput'];
$result = addslashes($value);
?>

What it does:
Returns a string with backslashes before characters that need to be quoted in database queries

Example Code:

<php
$value = "it's test";
$result = addslashes($value);

print "before addslashes() -".$value;
print "after addslashes() -".$result;
?>

Output of the above code:
before addslashes() - it's test
after addslashes() - it\'s test


Tagged in:

831
like
0
dislike
0
mail
flag

You must LOGIN to add comments