Why use mysql_real_escape_string, doesn't addslashes prevent everything?
There is a great article about this here. And this discussion also points out the pros and cons of each solution.
Nether mysql_real_escape_string() or addslashes() prevent everything (what about xss or even xsrf?), and most importantly nether of them prevent all SQL Injection.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.
Related Questions
What does mysql_real_escape_string() do that addslashes() doesn't?
Mysql_real_escape_string VS addslashes?
What is the difference between mysql_real_escape_string and addslashes?
Is addslashes() safe to prevent XSS in a HTML attribute?
Examples of SQL Injections through addslashes()?
Addslashes, mysql_real_escape always adding two slashes?