Let's discuss the methods commonly used to prevent SQL injection in PHP development
2008-04-14 16:15

I'll start with one I use regularly: PDO (PHP Data Objects Layer)

Description
string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )
Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
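
An added example, not part of the original thread: it checks constructed input against the escape list quoted above, then compares a concatenated query with a PDO prepared statement. It goes slightly beyond the thread by showing that escaping leaves an unquoted numeric context unprotected. The in-memory SQLite database (assumes the pdo_sqlite driver), the table, the rows, the input and the function names are all constructed for illustration.

```php
<?php
// Added example; table, rows and input are constructed. Assumes the pdo_sqlite driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed untrusted input, e.g. a request parameter expected to be a number.
$input = '1 OR 1=1';

// Does the input contain any character from the escape list quoted above
// (\x00, \n, \r, \, ', " and \x1a)? If not, escaping returns it unchanged.
function containsEscapedChar(string $s): bool
{
    return preg_match('/[\x00\n\r\\\\\'"\x1a]/', $s) === 1;
}

// Before: value concatenated into an unquoted numeric context.
function lookupConcatenated(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT name FROM users WHERE id = $id")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// After: the statement text is fixed; the value is sent as a bound parameter,
// so the whole input is compared as a single value and never parsed as SQL.
function lookupPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

printf("contains an escaped character: %s\n", var_export(containsEscapedChar($input), true));
printf("concatenated query rows: %d\n", count(lookupConcatenated($pdo, $input)));
printf("prepared statement rows: %d\n", count(lookupPrepared($pdo, $input)));
```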
