It still amazes me how many people seem to use addslashes() in their PHP projects rather than using mysql_real_escape_string(). Now, don’t get me wrong – I know that I have used addslashes in the past – but that was when I was a pure n00b in PHP! I’ve been using mysql_real_escape_string for quite a while now for many reasons. For one, when using MySQL you should be using the native functions, if possible, to add slashes … it just makes sense. I feel that there are too many books out there teaching n00bs, along with too many n00bs teaching n00bs how to program like this.
These people are usually the same people using $_REQUEST rather than $_GET or $_POST. It’s pure laziness and it irks me to see it.
