addslashes for input to mysql

Posted under » PHP » MySQL on 10 October 2012

Returns a string with backslashes before characters that need to be quoted before inserting to a mySQL table etc. These characters are single quote ('), double quote ("), backslash (\).

$title = addslashes($_POST[title]);
$text = addslashes($_POST[text]);

mysql_query("UPDATE heh SET title = '$title', text = '$text' WHERE hid = '$_POST[hid]'");

 

web security linux ubuntu GIT svn Raspberry apache mysql php drupal cake symfony javascript Ajax css