escaping strings

182x

Hey guys when using a function to escape a string so it doesn't crash when characters like " ' " are used, I think that these are escaped using a backslash so I was just wondering if used to escape a string when inserting data into an array would this also insert the backslash? Thanks.

laserlight

The question is, what will crash? The string certainly will not crash. An SQL injection may be possible if the string is being inserted into a database, and for such an occasion the appropriate escaping function or preferably prepared statements should be used. For such a function, whether backslashes are used to escape depends on the database engine.

Of course, if you escape a string and then copy it over to an element in an array, that array element would remain escaped.

182x

Thanks bur for example would the data in the database instead of ' become \' as then my queries would be wrong.

laserlight

would the data in the database instead of ' become \'

No it would not. Consider this:

echo "Hello\tworld!";

When viewing the client side source, do you expect to see "Hello\tworld!" or "Hello world!"?

182x

I would expect to see to see hello world is this the same in the database?

Thanks again

laserlight

I would expect to see to see hello world is this the same in the database?

Generally, yes.

182x

Thank you very much 🙂