lindsd1111 Posted September 2, 2014

Hi Larry (and all). I had a problem on my VPS that forced me to look a bit more closely at cleaning strings before writing them to MySQL. So this got me to wonder: What is the difference between escape_data() and $mysqli->real_escape_string()?

Larry uses functions like this one during the login process:

    $fn = escape_data($_POST['first_name'], $dbc);

Other authors suggest functions like this one:

    $fn = $mysqli->real_escape_string($_POST['first_name']);

Can someone explain the difference between them (and which one is "preferred")?

Necuima Posted September 3, 2014

Hi, escape_data() is a function that you define in one of your scripts. I have seen various versions of this function but my understanding is that the function tests which environment you are running in and then applies the appropriate PHP escape_data_string function to the data. So one is a function you define, the other is a standard PHP function (or method in your case above). Please correct me if my understanding is not correct.

Cheers from Oz.

Larry Posted September 5, 2014

Yep, that's exactly correct (and thanks). escape_data() at its heart calls mysqli_real_escape_string(). But it may apply stripslashes() first, depending upon your PHP settings.

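A sketch of the kind of escape_data() wrapper described in the replies above, next to the direct method call. This is an added example, not part of any post and not the book's own code; the connection settings, the `users` table and the sample name are placeholders constructed for illustration.

```php
<?php
// Added example: a hypothetical escape_data() matching the description in
// this thread. Not the book's code.
function escape_data($data, mysqli $dbc)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() in
    // PHP 8.0, so only call it where it still exists. The @ hides the
    // PHP 7.4 deprecation notice.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $data = stripslashes($data); // undo the slashes PHP already added
    }
    return mysqli_real_escape_string($dbc, $data);
}

// Placeholder connection settings (assumption): supply real ones via env.
$dbc = mysqli_connect(
    getenv('DB_HOST') ?: 'localhost',
    getenv('DB_USER') ?: 'db_user',
    getenv('DB_PASS') ?: 'db_password',
    getenv('DB_NAME') ?: 'test'
);
if (!$dbc) {
    exit("Could not connect: " . mysqli_connect_error() . "\n");
}
// real_escape_string() escapes according to the connection character set,
// so set it through the API rather than with a SET NAMES query.
mysqli_set_charset($dbc, 'utf8mb4');

$raw = "O'Reilly"; // constructed sample input

// With magic quotes off (any current PHP), the wrapper and the method
// produce the same string.
var_dump(escape_data($raw, $dbc) === $dbc->real_escape_string($raw));

// What the stripslashes() step is for: addslashes() stands in for what
// magic quotes did to incoming data before the script ever saw it.
$magic = addslashes($raw);
echo "escaped twice: ", $dbc->real_escape_string($magic), "\n";
echo "stripped first: ", $dbc->real_escape_string(stripslashes($magic)), "\n";

// The escaped value is only safe inside a quoted string literal.
$fn = escape_data($raw, $dbc);
$q = "SELECT user_id FROM users WHERE first_name='$fn'"; // hypothetical table
echo $q, "\n";
```
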
lindsd1111 (Author) Posted September 5, 2014

Super; thanks!