My brother Mark has put together a comparison of addslashes() alternatives over at his blog. He starts off with:
I’ve seen a lot of people talking about mysql_real_escape_string() vs addslashes() vs addcslashes(). There seems to be a lot of real confusion about what these functions do (even with the php.net manual around), especially when it comes to character sets. I feel that some people are being scared into using some escaping methods with which they are not very familiar. So, I’ve decided to lay it all out in a few charts so there is no confusion about what each function does and how each can help protect against SQL injection attacks.
Read on if you’re interested in this sort of thing, and to get his final conclusion.
I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!