php – mysql_real_escape_string和addslash有什么区别？

string mysql_real_escape_string ( string $unescaped_string [,resource $link_identifier ] )
mysql_real_escape_string() calls MySQL‘s library function mysql_real_escape_string,which prepends backslashes to the following characters: x00,n,r,,‘,” and x1a.

string addslashes ( string $str )
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote (‘),double quote (“),backslash () and NUL (the NULL byte).

它们影响不同的角色. mysql_real_escape_string是特定于MySQL的. Addslashes只是一个通用的功能,可能适用于其他的东西以及MySQL.