When I try to make a backup the function backupTableData crashes at this line: return "'" . addslashes($value) . "'";
When I change this to return "'" . $value . "'"; the code runs correctly, but this doesn't prevent SQL injection anymore.
On https://www.php.net/manual/en/function.addslashes.php there is this comment:
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection.
Although the code runs now, it can give issues when trying to restore a database.
E.g. in my country (The Netherlands) we have names which contain a single quote (apostrophe), like 's-Hertogenbosch, 's-Gravenhage, etc.
I have also looked at using htmlspecialchars($value) or htmlentities($value), but I don't think this will catch all the possible UTF-8 characters?
Can you advise anything?
Best regards,
Cor van Dooren
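As an added example (not code from the MySQLBackup library, from the reporter, or from the maintainer), here is how a dump writer can render row values as MySQL literals without relying on addslashes(). The function names, the table and column names, and the sample row are invented for illustration; it assumes PHP 8 and needs no database connection, because a dump file is plain text that will be replayed by a MySQL client later.

```php
<?php
declare(strict_types=1);

/**
 * Render one PHP value as a MySQL literal for an INSERT in a dump file.
 * Added example; not the MySQLBackup library's code.
 *
 * - NULL becomes the keyword NULL (quoting addslashes(null) as '' would
 *   silently turn NULL into an empty string on restore).
 * - Booleans, integers and floats are emitted unquoted.
 * - Byte strings that are not valid UTF-8 are emitted as a hex literal
 *   X'...', which is valid in every sql_mode and charset (what
 *   mysqldump --hex-blob does for binary columns).
 * - Everything else is a string literal with MySQL's backslash escapes,
 *   the same set mysqldump uses: \\ \' \" \0 \n \r \Z
 */
function mysqlLiteral(mixed $value): string
{
    if ($value === null) {
        return 'NULL';
    }
    if (is_bool($value)) {
        return $value ? '1' : '0';
    }
    if (is_int($value) || is_float($value)) {
        return (string) $value; // PHP 8 renders floats with '.' regardless of locale
    }
    if (!is_string($value)) {
        // Arrays/objects cannot be stored; fail loudly instead of writing a broken dump.
        throw new InvalidArgumentException('Unsupported value type ' . get_debug_type($value));
    }
    if (preg_match('//u', $value) !== 1) {
        // Not valid UTF-8: treat as binary so no byte is misread as a quote or backslash.
        return "X'" . bin2hex($value) . "'";
    }
    $escaped = strtr($value, [
        "\\"   => "\\\\",
        "'"    => "\\'",
        "\""   => "\\\"",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    ]);
    return "'" . $escaped . "'";
}

/** Quote an identifier (table or column name) with backticks. */
function mysqlIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Build one INSERT statement for an associative row (column => value). */
function insertStatement(string $table, array $row): string
{
    $cols = implode(', ', array_map('mysqlIdentifier', array_keys($row)));
    $vals = implode(', ', array_map('mysqlLiteral', array_values($row)));
    return 'INSERT INTO ' . mysqlIdentifier($table) . " ($cols) VALUES ($vals);";
}

// Constructed sample row: a Dutch place name with a leading apostrophe,
// a backslash plus embedded quotes and a newline, a NULL, and non-UTF-8 bytes.
$row = [
    'id'       => 7,
    'city'     => "'s-Hertogenbosch",
    'note'     => "path C:\\temp and a 'quoted' word\nsecond line",
    'nickname' => null,
    'blob'     => "\xff\xfe\x00binary",
];

echo insertStatement('cities', $row), "\n";
```

For the sample row this prints `INSERT INTO `cities` (`id`, `city`, `note`, `nickname`, `blob`) VALUES (7, '\'s-Hertogenbosch', 'path C:\\temp and a \'quoted\' word\nsecond line', NULL, X'fffe0062696e617279');`. Two caveats a dump writer has to keep in mind: backslash escapes are only interpreted when the restoring server's sql_mode does not contain NO_BACKSLASH_ESCAPES, so the dump header should set sql_mode explicitly (as mysqldump does) or the writer should double single quotes instead; and addslashes() itself knows nothing about NULL, numeric types, binary columns or sql_mode, which is why escaping alone, whether addslashes() or even mysqli_real_escape_string(), is not enough to produce a dump that restores faithfully.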
Thank you for reaching out and sharing the issues you encountered with the backupTableData function.
I would like to inform you that the MySQLBackup library is still under development and is not fully completed yet. For instance, features like PHPMailer integration are still pending. Additionally, there may be some security vulnerabilities and logical errors that need to be addressed.
Currently, I am in the process of rewriting all my PHP libraries from scratch, with a strong focus on enhancing security and improving code quality. My goal is to release a new MySQL Backup library soon, built from the ground up to be a next-generation solution. I have taken note of the problems you mentioned and truly appreciate your valuable feedback.
At this stage, I do not recommend using the existing library in a production environment. However, once the updated version is released, you can confidently use it in production with peace of mind. In the meantime, it can be used for personal projects, but I advise waiting for the new version for optimal performance and security.
Thank you again for your input. I wish you a wonderful day!