I'm running into the problem of users being able to submit data with ' " and blank values. I think addslashes() will work but just wanted to know what it does for blank values?

Example:

User enters data like: Company Name: ABC's 
User can skip fields as well: Company URL: 

I want to know what addslashes() will add if they leave the field blank. I guess my question is how does addslashes() treat blanks? As NULL?

+1  A: 

Well, if the blank really is a blank (= a completely empty value), it will be null in PHP, I assume. The manual says that a 'null' value will be escaped with a backslash:

Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

but when I test it using

 print_r(addslashes(null));

I get a completely empty result (=null, no backslash).

Pekka
Great thanks, this helps out a ton!!!
Phill Pafford
A: 

The answer provided is accurate. The one thing to consider is if you are looking specifically for the null value. While addslashes() will not affect the null value field, it will not change a 'blank' to a null value. You may have already considered this, but it may be useful to trim() the values beforehand.

$new_value = addslashes(trim($value));

This will remove any blanks or spaces from the "empty" field so that it will in fact return a null value.

cdburgess
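
An added example, not part of either answer above: it shows what addslashes() and trim() return for a skipped field, then maps blank input to NULL and stores it through a bound parameter so that quotes in values like ABC's need no manual escaping. The field names, the company table, the blank_to_null() helper and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Constructed sample of what $_POST would hold. A field the user skips
// arrives as an empty string (''), not as null.
$post = [
    'company_name' => "ABC's",
    'company_url'  => '',      // skipped field
    'contact'      => '   ',   // only spaces
];

// Hypothetical helper: trim the value and map an empty result to null.
function blank_to_null(?string $value): ?string
{
    if ($value === null) {
        return null;
    }
    $value = trim($value);
    return $value === '' ? null : $value;
}

// addslashes() only escapes ', ", \ and the NUL byte, so empty and
// whitespace-only strings come back unchanged; trim() yields '' for them.
foreach ($post as $field => $raw) {
    printf(
        "%-12s addslashes=%s trim=%s normalized=%s\n",
        $field,
        var_export(addslashes($raw), true),
        var_export(trim($raw), true),
        var_export(blank_to_null($raw), true)
    );
}

// Store the values with a prepared statement: the driver handles quoting,
// and a null PHP value is bound as SQL NULL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE company (name TEXT NOT NULL, url TEXT, contact TEXT)');

$stmt = $pdo->prepare(
    'INSERT INTO company (name, url, contact) VALUES (:name, :url, :contact)'
);
$map = ['name' => 'company_name', 'url' => 'company_url', 'contact' => 'contact'];
foreach ($map as $param => $field) {
    $value = blank_to_null($post[$field] ?? null);
    $type  = $value === null ? PDO::PARAM_NULL : PDO::PARAM_STR;
    $stmt->bindValue(':' . $param, $value, $type);
}
$stmt->execute();

// The row read back: name keeps its quote as typed, url and contact are NULL.
var_dump($pdo->query('SELECT name, url, contact FROM company')->fetch(PDO::FETCH_ASSOC));
```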