12-10-2008, 03:57 AM
#1
The Contributor
Join Date: Feb 2007
Posts: 64
Thanks: 9
stripslashes, addslashes, magic quotes, queries...
I have been doing some reading and I get different answers from different sources. My question comes into play regarding the integrity of securing database queries.
For the longest time, I have simply been checking my magic quotes settings and addslashes if it was off. Today I was reading an article and I believe I should ALSO be stripping the slashes if magic quotes is on when using mysql_real_escape_string. Is this true and if so, what does this do? Double escaping??
I've also come to find that neither protects you from attacks using LIKE and similar. I had a hard time finding an answer to preventing these attacks; some relied on str_replace and other methods, but... should I be using addcslashes instead of addslashes to escape this data? I've been reading up at the manual for a while researching this problem and it seems like a good solution, though I have never used it to see any results. Would this be safe?
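The three things the post asks about (undoing magic quotes before escaping, why LIKE wildcards slip past addslashes and real_escape_string, and using addcslashes for them) in one worked PHP example. This is added code, not the poster's or any project's; it assumes a mysqli connection `$db` and a hypothetical `users` table with `id` and `name` columns. The `mysql_*` functions and `get_magic_quotes_gpc()` the post refers to were removed in PHP 7.0 and 8.0, so the same logic is shown with mysqli, whose `real_escape_string()` behaves the same way.

```php
<?php
// Added example (not from the original post). Assumes: a mysqli connection $db,
// a table `users` (id, name), and mysqlnd for mysqli_stmt::get_result().

/* 1. Undo magic quotes before escaping, so each value is escaped exactly once.
 *    With magic_quotes_gpc on, $_GET/$_POST already hold addslashes() output.
 *    Escaping that again is the "double escaping" case: O'Brien becomes
 *    O\'Brien, then O\\\'Brien, and MySQL stores O\'Brien with a stray
 *    backslash. That is corrupted data rather than an injection, but it
 *    also means the value no longer matches on read-back. */
function raw_input(string $value, ?bool $magic_quotes_on = null): string
{
    if ($magic_quotes_on === null) {
        // get_magic_quotes_gpc() exists only on PHP < 8 (always false on 7.x).
        $magic_quotes_on = function_exists('get_magic_quotes_gpc')
            && get_magic_quotes_gpc();
    }
    return $magic_quotes_on ? stripslashes($value) : $value;
}

/* 2. Escaping for a LIKE pattern. addslashes() and real_escape_string()
 *    only deal with quote characters; they leave % and _ untouched, so an
 *    input of "%" turns "name LIKE 'x%'" into a match on every row.
 *    addcslashes() prefixes the two wildcards, and the escape character
 *    itself, with a backslash (MySQL's default LIKE escape character). */
function escape_like(string $value): string
{
    return addcslashes($value, '\\%_');   // escapes '\', '%' and '_'
}

/* 3. The query. Parameter binding handles quotes, so real_escape_string()
 *    is not needed; escape_like() still is, because the driver has no way
 *    of knowing which characters in a bound string are meant as wildcards. */
function find_users_by_prefix(mysqli $db, string $prefix): array
{
    $pattern = escape_like(raw_input($prefix)) . '%';   // trailing % is ours
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name LIKE ?');
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

/* 4. Legacy variant for hand-built SQL strings: escape the LIKE wildcards
 *    first, then the quotes. The other order would let real_escape_string()
 *    double the backslashes that addcslashes() is about to add. */
function legacy_prefix_query(mysqli $db, string $prefix): string
{
    $pattern = escape_like(raw_input($prefix)) . '%';
    return "SELECT id, name FROM users WHERE name LIKE '"
        . $db->real_escape_string($pattern) . "'";
}

// Offline demonstration of the string transformations (no database needed).
$from_magic_quotes = addslashes("O'Brien");        // what magic quotes would hand you
var_dump(raw_input($from_magic_quotes, true));     // string(7) "O'Brien"
var_dump(escape_like("50%_off\\"));                // string(11) "50\%\_off\\"
var_dump(escape_like('%'));                        // string(2) "\%"  (literal, not wildcard)
```

The order in the legacy variant matters: after `escape_like()` the pattern `50\%` becomes `50\\%` in the SQL text, MySQL's string parser reduces that to `50\%`, and LIKE then reads `\%` as a literal percent sign. With the prepared statement the bound value is sent as-is, so only the wildcard escaping step applies.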