发表新帖
发表新帖

Do I have to use mysql_real_escape_string if I bind parameters?

前端 未结
关注
3 1838
不思量自难忘°
不思量自难忘° 2020-12-03 17:36

I have the following code:

function dbPublish($status)
{
 global $dbcon, $dbtable;

 if(isset($_GET[\'itemId\']))
 {
  $sqlQuery = \'UPDATE \' . $dbtable . \
3条回答
  • 死守一世寂寞
    死守一世寂寞 (楼主)
    2020-12-03 17:49

    No, you must not. Combining the two would result in visible escape characters showing up in your data.

    0 讨论(0)
 看不清?
提交回复
热议问题