I am trying to put a general-purpose function together that will sanitize input to a MySQL database. So far this is what I have:
function sanitize($input){
Magic quotes are deprecated. Turn them off if you can :).
The second part: addslashes and mysql_real_escape_string do pretty much the same (similar) thing. Just try
addslashes( '\\')
// and
mysql_real_escape_string( '\\')
Result should be \\ so if you use
mysql_real_escape_string( addslashes( '\\'))
you should get \\ (or '\\\\' as string). Use only mysql_real_escape_string (better) OR addslashes, never both.
I recommend using PDO instead of raw functions and manual escaping.
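The double-escaping problem and the PDO alternative from the answer above, as an added example that is not part of the original post. It assumes the pdo_sqlite extension so it runs without a MySQL server; the `customers` table and the sample input are constructed for illustration, and `addslashes()` stands in for both escaping steps because `mysql_real_escape_string()` needs a live MySQL connection and was removed in PHP 7.0.

```php
<?php
// Constructed sample input: contains a single quote and one backslash.
$input = "O'Reilly \\ Sons";

// Escaping once versus twice. addslashes() is used for both passes here
// (assumption: stand-in for mysql_real_escape_string(), which behaves
// similarly for quotes and backslashes but requires a MySQL connection).
$once  = addslashes($input);
$twice = addslashes($once);

echo "raw:   $input\n";
echo "once:  $once\n";
echo "twice: $twice\n";

// Prepared statement: the value is bound as data, never spliced into the
// SQL text, so no manual escaping is applied at all.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $pdo->prepare('INSERT INTO customers (name) VALUES (:name)');
$insert->execute([':name' => $input]);  // raw value, bound as a parameter
$insert->execute([':name' => $twice]);  // pre-escaped value, bound the same way

// Read both rows back and compare them with the original input.
$rows = $pdo->query('SELECT id, name FROM customers ORDER BY id');
foreach ($rows as $row) {
    $status = ($row['name'] === $input)
        ? 'matches input'
        : 'extra backslashes stored as data';
    printf("row %d: %s (%s)\n", $row['id'], $row['name'], $status);
}
```

Row 1 comes back byte-for-byte identical to the input, while row 2 shows that escaping a value before binding it stores the added backslashes as part of the data.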