Single quotes are not the only special character that can break a SQL query; however, quotes are the only thing that addslashes handles. Int ; command. Attackers can execute arbitrary SQL to drop your tables, make themselves administrators, or do whatever else they want. Such a mismatch can occur if you serialize the result of addslashes and store it in a database; some databases (definitely including PostgreSQL) automagically strip backslashes from "special" chars in SELECT results, causing the returned string to be shorter than it was when it was serialized. Magic quotes do not protect against other common security vulnerabilities such as cross-site scripting attacks or SMTP header injection attacks.
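The serialization mismatch described above, shown as an added example that is not code from the original page. The sample value, the `prefs` table and the in-memory SQLite database are constructed for the demonstration, and `stripslashes()` stands in for a database that strips backslashes from results.

```php
<?php
// Added example. $value is a constructed sample; stripslashes() stands in for a
// database layer that removes backslashes from SELECT results (assumption).
$value = "O'Reilly";

// Fragile: escape, then serialize. The s:N: length prefix counts the backslash
// that addslashes() inserted.
$stored   = serialize(addslashes($value));
$returned = stripslashes($stored);   // one byte shorter, prefix unchanged

echo "stored:   $stored\n";
echo "returned: $returned\n";
// The declared length no longer matches the payload, so unserialize() fails.
var_dump(@unserialize($returned));

// Robust: serialize the raw value and let a bound parameter carry it.
// In-memory SQLite via PDO and the table name are assumptions for this demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE prefs (id INTEGER PRIMARY KEY, data TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO prefs (data) VALUES (:data)');
$insert->execute([':data' => serialize($value)]);

$row = $pdo->query('SELECT data FROM prefs WHERE id = 1')->fetchColumn();
// allowed_classes => false keeps unserialize() from instantiating objects.
$restored = unserialize($row, ['allowed_classes' => false]);
var_dump($restored === $value);
```

With a bound parameter the driver carries the value as data, so no escaping is applied before serialization and the length prefix stays valid on the way back.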