发表新帖
发表新帖

Does FILTER_VALIDATE_EMAIL make a string safe for insertion in database?

后端 未结
关注
5 464
借酒劲吻你
借酒劲吻你 2020-12-11 19:35 
$str = \'\"mynam@blabl\"@domanin.com\';

filter_var($str, FILTER_VALIDATE_EMAIL);//return valid email.

the above email returns true... Fair enough

5条回答
  • 一生所求
    一生所求 (楼主)
    2020-12-11 19:59

    Yes - do not rely on anything besides the database specific escaping mechanism for safety from SQL injection.

    Always use mysql_real_escape_string() on it before using it in SQL.

    0 讨论(0)
 看不清?
提交回复
热议问题