Can SQL injection be prevented with just addslashes(string)? [duplicate]

Answer 1

No, it's not safe. Use mysql_real_escape_string() instead. It shouldn't add anything beyond what it takes to escape the string.

http://php.net/mysql-real-escape-string

This applies to other databases too: use the extension-specific escape function.