addslashes for input to mysql

Posted under » PHP » MySQL on 10 October 2012

addslashes() returns a string with backslashes added before the characters that need to be quoted before inserting into a MySQL table, etc. These characters are single quote ('), double quote (") and backslash (\).

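// Quote the array keys; a bare title is read as an undefined constant.
$title = addslashes($_POST['title']);
$text = addslashes($_POST['text']);
// hid comes from the request as well, so it is escaped like the other fields.
$hid = addslashes($_POST['hid']);

// mysql_query() belongs to the old mysql extension, which was removed in PHP 7.0.
mysql_query("UPDATE heh SET title = '$title', text = '$text' WHERE hid = '$hid'");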
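
The same UPDATE written with a prepared statement, as an added example that is not code from the original post: the values are bound as parameters instead of being escaped and spliced into the SQL string, and hid is validated as an integer first. It assumes the PDO extension and uses an in-memory SQLite database as a stand-in so it runs without a server (for MySQL, swap in the DSN shown in the comment and pass credentials); the column layout of heh, the function name updateHeh and the sample input arrays are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL server.
// For MySQL: new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed layout of the heh table from the post, with two constructed rows.
$db->exec('CREATE TABLE heh (hid INTEGER PRIMARY KEY, title TEXT, text TEXT)');
$db->exec("INSERT INTO heh (hid, title, text) VALUES (1, 'old', 'old'), (2, 'keep', 'keep')");

// Hypothetical helper: returns the number of rows the UPDATE changed.
function updateHeh(PDO $db, array $post): int
{
    // hid must be a plain positive integer; anything else is rejected up front.
    $hid = filter_var($post['hid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($hid === false) {
        return 0;
    }

    // Placeholders keep the data out of the SQL text, so quotes and
    // backslashes in title/text need no escaping at all.
    $stmt = $db->prepare('UPDATE heh SET title = :title, text = :text WHERE hid = :hid');
    $stmt->execute([
        ':title' => (string) ($post['title'] ?? ''),
        ':text'  => (string) ($post['text'] ?? ''),
        ':hid'   => $hid,
    ]);
    return $stmt->rowCount();
}

// Constructed stand-ins for $_POST.
$good = ['hid' => '1', 'title' => "It's \"quoted\"", 'text' => 'back\\slash'];
$bad  = ['hid' => "1' OR '1'='1", 'title' => 'x', 'text' => 'x'];

var_dump(updateHeh($db, $good)); // row 1 is updated, special characters stored as typed
var_dump(updateHeh($db, $bad));  // rejected by the integer check, no query is run
print_r($db->query('SELECT * FROM heh')->fetchAll(PDO::FETCH_ASSOC));
```

Row 2 stays untouched in both calls, and the stored title and text contain the original quotes and backslash with no added backslashes.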

 
