Addslashes PHP

Addslashes() with PHP

You should sanitize data before inserting or updating data from forms into a mysql database. Two common methods are to use the functions mysqli_real_escape_string() or addslashes(). Sanitizing with mysqli_real_escape_string() is the best option, but, for demo purposes, I will show another method(which I would personally never use in production).

Note:
If you plan to update the data in the future, using the stripslashes function applied to the selected data will remove the slashes. Otherwise, you could end up with a string like John\'s shoes.

Here is how a query would look when the using addslashes() function is used on a variable:

$command = "INSERT INTO table VALUES (NULL, '".addslashes($_POST[name])."', '".addslashes($_POST[username])."', '".addslashes($_POST[email])."', '".addslashes($_POST[address])."', now())";

$result = mysqli_query($db, $command);

Here is how a query would look to display data for which slashes had been added:
Note:

$command = "SELECT name, email FROM table where id='".addslashes($id)."';";
$result = mysqli_query($db, $command);
while ($data = mysqli_fetch_object($result)) {
echo stripslashes($data->name)." ".stripslashes($data->email);

or

$command = "SELECT name, email FROM table where id=1";
$result = mysqli_query($db, $command);
while ($data = mysqli_fetch_object($result)) {
echo stripslashes($data->name).
" ".stripslashes($data->email);

or

$command = "SELECT name, email FROM table where id=1";
$result = mysqli_query($db, $command);
while ($row = mysqli_fetch_assoc($result)) {
$name=$row[‘name’];
echo stripslashes($name)." ".stripslashes($row[“email”]);
echo stripslashes($row[’email’]);