What should I use mysql_real_escape_string or addslashes vs PDO::quote?

Asked Jun 02 '15 at 17:07

Active Sep 07 '17 at 08:48

Viewed 436 times

I needed to insert ~!@#$%^*()_+}|:"<>?/.,'\][=- into mysql through PHP and also call it back. I use PDO. Will pdo::quote do the job? I mean all it does it convert Co'mpl''ex "st'"ring to quoted string: 'Co''mpl''''ex "st''"ring'

But the function says it escapes special character. I thought to escape a special character, \ is required in front of the special character.

Or shall I use mysql_real_escape_string or addslashes and strip_tags?

edited Sep 07 '17 at 08:48

Paolo Forgia

6,572
8
46
58

asked Jun 02 '15 at 17:07

Internial

1

http://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection. If you are preparing your statement and not dynamically constructing a query then PDO already takes care of that. – Hozikimaru Jun 02 '15 at 17:18

What should I use mysql_real_escape_string or addslashes vs PDO::quote?

0 Answers0