Hi,
Does this need to be escaped?
$str= "<select id=\"my_dropdown1\" onchange=\"
window.location.href='Compare_Teams_dashboard.php?a=search&value=1&SearchFor1=' + this.options[this.selectedIndex].value +'&SearchOption=Contains&SearchField=TeamName';
\"><option value=\"\">".$_SESSION["srchteamA"]."</option>";
I was reading an article comparing addslashes vs mysql_real_escape_string(). Any comments on this?
http://securityreliks.securegossip.com/2011/02/sql-injection-bypassing-addslashes/
Thanks
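An added example, not part of the original post: the dropdown from the question with each value encoded for the context it lands in. `addslashes()` and `mysql_real_escape_string()` target SQL string literals, not HTML output. The function name `render_team_dropdown` and the sample session value are assumptions made for illustration.

```php
<?php
// Added example: context-specific output encoding for the dropdown in the post.
// render_team_dropdown() is a hypothetical helper; $teamName stands in for
// $_SESSION["srchteamA"].

function render_team_dropdown(string $teamName): string
{
    // Fixed part of the target URL. The user-selected value is appended last,
    // client-side, so it can be URL-encoded as a single query parameter.
    $baseUrl = 'Compare_Teams_dashboard.php?a=search&value=1'
             . '&SearchOption=Contains&SearchField=TeamName&SearchFor1=';

    // Context 1: JavaScript string literal. json_encode() emits a quoted,
    // escaped JS string; the JSON_HEX_* flags keep <, >, &, ' and " out of it.
    $jsUrl = json_encode(
        $baseUrl,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );

    // Context 2: URL query parameter. encodeURIComponent() runs in the browser
    // and stops the selected value from adding or altering parameters.
    $js = 'window.location.href=' . $jsUrl
        . ' + encodeURIComponent(this.options[this.selectedIndex].value);';

    // Context 3: HTML attribute value. ENT_QUOTES encodes both quote styles so
    // the handler cannot close the onchange="..." attribute.
    $attr = htmlspecialchars($js, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Context 4: HTML element text. This is the session value from the post.
    $label = htmlspecialchars($teamName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<select id="my_dropdown1" onchange="' . $attr . '">'
         . '<option value="">' . $label . '</option>';
}

// Constructed sample value containing HTML metacharacters, as it might sit in
// the session if it originated from a search form.
$sample = 'Team "A" <b>& Co</b>';

$str = render_team_dropdown($sample);
echo $str, "\n";
```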