mysql_real_escape_string() van mysql.com docs:
mysql_real_escape_string() is zich bewust van de karakterset, dus het repliceren van al zijn mogelijkheden (vooral tegen multi-byte aanvalsproblemen) is geen geringe hoeveelheid werk.
Van http://cognifty.com/blog.entry/id=6/ addlashes_dont_call_it_a_comeback.html :
AS = addslashes() MRES = mysql_real_escape_string() ACS = addcslashes() //called with "\\\000\n\r'\"\032%_" Feature AS MRES ACS escapes quote, double quote, and backslash yes yes yes escapes LIKE modifiers: underscore, percent no no yes escapes with single quotes instead of backslash no yes*1 no character-set aware no yes*2 no prevents multi-byte attacks no yes*3 no