duskwuff on May 22, 2009 | on: Prevention of SQL injection in PHP
While we're at it: it also fails to understand the difference between addslashes() and mysql_escape_string(). (It's not just a matter of whether you're assigning the result to a variable or not!)
mildweed on May 22, 2009
While you're still at it: get rid of the quotes entirely, just htmlentities( ) where appropriate.