(转)addslashes与mysql_real_escape_string的区别
我们为了更深层次的探究这两个函数的不同..还是去看一看PHP的源码吧..


这是PHP的addslashes函数..


PHP_FUNCTION(addslashes) 
{ 
    zval **str; 

    if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &str) == FAILURE) { 
        WRONG_PARAM_COUNT; 
    } 
    convert_to_string_ex(str); 

    if (Z_STRLEN_PP(str) == 0) { 
        RETURN_EMPTY_STRING(); 
    } 

    RETURN_STRING(php_addslashes(Z_STRVAL_PP(str), 
                                 Z_STRLEN_PP(str),  
                                 &Z_STRLEN_P(return_value), 0  
                                 TSRMLS_CC), 0); 
}

很显然.它调用了php_addslashes.我们继续看这个函数


PHPAPI char *php_addslashes(char *str, int length, int *new_length, int should_free TSRMLS_DC) 
{ 
    return php_addslashes_ex(str, length, new_length, should_free, 0 TSRMLS_CC); 
}

结果又是是在调用php_addslashes_ex 我们就像在剥洋葱一样..一步一步的接近真理..


PHPAPI char *php_addslashes_ex(char *str, int length, int *new_length, int should_free, int ignore_sybase TSRMLS_DC) 
{ 
    /* maximum string length, worst case situation */
    char *new_str; 
    char *source, *target; 
    char *end; 
    int local_new_length; 
             
    if (!new_length) { 
        new_length = &local_new_length; 
    } 
    if (!str) { 
        *new_length = 0; 
        return str; 
    } 
    new_str = (char *) safe_emalloc(2, (length ? length : (length = strlen(str))), 1); 
    source = str; 
    end = source + length; 
    target = new_str; 
     
    if (!ignore_sybase && PG(magic_quotes_sybase)) { 
        while (source < end) { 
            switch (*source) { 
                case '\0': 
                    *target++ = '\\'; 
                    *target++ = '0'; 
                    break; 
                case '\'':