Ilia expands upon Chris Shifflets original article comparing mysql_real_escape_string() to addslashes() and focuses on SQL injections, and drawing comparison to using prepared statements instead (ironically, MySQL and SQLite2 don”t support…

Source