Richard Davey wrote:

Does mysql_real_escape_string (or mysql_escape_string) do anything
extra that addslashes() doesn't? In the examples in the manual it is
just used to escape the ' character, but that is exactly what
addslashes() will do anyway.

real_escape_string() takes the current character set into consideration when it escapes characters. Probably 99% of the time it's going to behave like addslashes(), but it's still good to use it because you're letting the database determine what needs to be escaped rather than just assuming it's only the characters covered by addslashes().


Is mysql_real_escape_string tolerant of magic quotes? i.e. will you
end up with double-quoted strings like: "it\\'s a lovely day" if you
call it too many times?

Yes, you'll end up with extra backslashes. If you ever see "it\'s a lovely day" in your database, then you're escaping the string more than once. You shouldn't see escape characters in your database or have to stripslashes() anything coming out of your database (unless you have magic_quotes_runtime() enabled).


--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
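As an added illustration (not part of the original thread, and not PHP or MySQL source code), here is a Python model of byte-wise versus character-set-aware escaping, and of the double-escaping result described in the reply above. The function names, the cp932 sample character and the simplified server-side unescape step are assumptions made for this example.

```python
# Added illustration: a Python model, not PHP or MySQL source code.
SPECIAL = "'\"\\\0"  # the characters addslashes() escapes: ' " \ and NUL


def escape_bytewise(raw: bytes) -> bytes:
    """addslashes()-style: inspect single bytes, ignore the character set."""
    out = bytearray()
    for b in raw:
        if chr(b) in SPECIAL:
            out.append(0x5C)  # backslash
        out.append(b)
    return bytes(out)


def escape_charset_aware(raw: bytes, charset: str) -> bytes:
    """Model of charset-aware escaping: decode first, then escape whole characters."""
    text = raw.decode(charset)
    return "".join("\\" + c if c in SPECIAL else c for c in text).encode(charset)


def stored_value(literal: bytes) -> bytes:
    """Simplified model of the server removing one level of backslash escapes."""
    out, i = bytearray(), 0
    while i < len(literal):
        if literal[i] == 0x5C and i + 1 < len(literal):
            i += 1  # drop the backslash, keep the byte it protected
        out.append(literal[i])
        i += 1
    return bytes(out)


# Constructed sample inputs.
ASCII_INPUT = b"it's a lovely day"
CP932_INPUT = "表".encode("cp932")  # two bytes, the second is 0x5C

if __name__ == "__main__":
    once = escape_bytewise(ASCII_INPUT)
    twice = escape_bytewise(once)  # e.g. magic quotes, then a manual escape
    print("stored after one escape: ", stored_value(once))
    print("stored after two escapes:", stored_value(twice))
    print("byte-wise on cp932:      ", escape_bytewise(CP932_INPUT).hex())
    print("charset-aware on cp932:  ", escape_charset_aware(CP932_INPUT, "cp932").hex())
```

For plain ASCII input the two escapers agree. For the cp932 sample the byte-wise one inserts a backslash inside a legitimate character, while the charset-aware model leaves it untouched.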


