What's the difference?

influx

What exactly is the difference between addslashes() and mysql_real_escape_string()?

-influx

maxpup979

spelling for one...🙂

And from the manual....
Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice. 

Note: If this function is not used to escape data, the query is vulnerable to SQL Injection Attacks. 

Note: mysql_real_escape_string() does not escape % and _. These are wildcards in MySQL if combined with LIKE, GRANT, or REVOKE.

LoganK

mysql_real_escape_string uses a MySQL function (not PHP) to add slashes before certain characters. Add slashes adds slashes before certain characters, but not the same ones that mysql_real_escape_string escapes.

Guess where I got this info?

The Holy Book of PHP

Edit: Google is your friend! A search on Google brought me to this.
Edit 2: Later in the posts it mentions a good way of validating numerical auto_update IDs in MySQL: typecasting the variable as "int" before using it in a query. So,

"SELECT * FROM table WHERE id=" . (int) $_GET['id'];