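// Detect whether magic quotes have already added slashes to request data.
// get_magic_quotes_gpc() always returns false from PHP 5.4, is deprecated in
// PHP 7.4 and is removed in PHP 8.0, so it is only called on versions where it
// can still report true; an unguarded call is a fatal error on PHP 8.
$magic_quotes_active = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();

// The mysql_* extension was removed in PHP 7.0; record whether its
// connection-aware escaping function is available at all.
// Note: file-scope variables are not visible inside a function body unless the
// function declares them with `global`.
$real_escape_string_exists = function_exists('mysql_real_escape_string');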
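/**
 * Escape a single value so it can be placed inside a quoted SQL string literal.
 *
 * The capability checks are done inside the function. The file-scope variables
 * $magic_quotes_active and $real_escape_string_exists are not visible here
 * without a `global` declaration, so reading them directly always yielded
 * undefined (falsy) values and the function silently fell back to addslashes()
 * even when mysql_real_escape_string() was available.
 *
 * SECURITY NOTE(review): the addslashes() fallback is not aware of the
 * connection character set and is not a substitute for driver-level escaping.
 * The result is only meaningful for a value wrapped in quotes in the query;
 * it does not protect numeric contexts or identifiers. Prefer prepared
 * statements with bound parameters (PDO or mysqli) in new code.
 *
 * @param string $sql Raw value to escape (a value, not a whole query).
 * @return string The escaped value.
 */
function escape_value($sql) {
    // Magic quotes can only be active before PHP 5.4; skipping the call on
    // newer versions avoids the deprecation notice (7.4) and fatal error (8.0).
    $magic_quotes_active = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
    $real_escape_string_exists = function_exists('mysql_real_escape_string');

    if ($real_escape_string_exists) {
        // Undo the slashes magic quotes already added so the value is not
        // escaped twice.
        if ($magic_quotes_active) {
            $sql = stripslashes($sql);
        }
        $sql = mysql_real_escape_string($sql);
    } else {
        // Fallback only: see the security note in the docblock.
        if (!$magic_quotes_active) {
            $sql = addslashes($sql);
        }
    }

    return $sql;
}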
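This is considered a very secure way to insert stuff into a database. Use the returned $sql as your query! Note that escaping only protects a value that is placed inside a quoted string literal in the query, and the addslashes() fallback does not take the connection character set into account; prepared statements with bound parameters (PDO or mysqli) avoid the problem altogether.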