addslashes() VS. mysql_real_escape_string()

sneakyimp

the bout of the century!

what is the damn difference? I'm trying to create a function which i expect to run on all form data before I sent it off to a query which inserts it into a database.

the php docs say this about mysql_real_escape_string():
[q]This function will escape special characters in the unescaped_string, taking into account the current charset of the connection so that it is safe to place it in a mysql_query(). [/q]

what exactly does that mean? what charset are they talking about?

Drakla

There are a couple of characters that escape string doesn't put a slash before that addslashes does. The charset is the current one that mysql is using, different countries use different ones. If that's not a concern for you just use mysql_escape_string without the real as it doesn't require a connection.