Is it necessary to use mysql_real_escape_string(), when magic_quotes_gpc is on?

长发绾君心 2021-01-03 18:47

To prevent SQL injection, is it necessary to use mysql_real_escape_string(), when magic_quotes_gpc is on?

4 answers
  •  暖寄归人
    2021-01-03 19:42

    Yes, it's good practice to run all values that are going into your SQL statement through the filter mysql_real_escape_string(). It's not just quotes that the filter is fixing.

    It prevents injection attacks; see the example in the PHP manual for the method.

    http://php.net/manual/en/function.mysql-real-escape-string.php
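
An added example, not part of the original answer or the PHP manual: a Python model of the two escaping layers, using the character sets the PHP manual documents for addslashes() (what magic_quotes_gpc applies) and mysql_real_escape_string(). It assumes an ASCII-compatible single-byte connection charset, and the helper names `uncovered_by_magic_quotes` and `stored_value` are hypothetical.

```python
# Model only: the real mysql_real_escape_string() also consults the
# connection character set, which this sketch does not reproduce.

# magic_quotes_gpc runs addslashes(): ' " \ and NUL.
ADDSLASHES = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\x00": "\\0"}

# mysql_real_escape_string(): NUL, \n, \r, \, ', " and Ctrl-Z (0x1a).
REAL_ESCAPE = {"\x00": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
               "'": "\\'", '"': '\\"', "\x1a": "\\Z"}

# Letter after the backslash -> character the server stores.
UNESCAPE = {esc[1]: raw for raw, esc in REAL_ESCAPE.items()}


def _escape(value, table):
    return "".join(table.get(ch, ch) for ch in value)


def _unescape(value, table):
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(table.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def uncovered_by_magic_quotes():
    """Characters mysql_real_escape_string() handles but addslashes() does not."""
    return sorted(set(REAL_ESCAPE) - set(ADDSLASHES))


def stored_value(raw, magic_on, undo_magic):
    """Value that ends up in the column after request handling and escaping."""
    value = _escape(raw, ADDSLASHES) if magic_on else raw   # magic_quotes_gpc
    if undo_magic:
        value = _unescape(value, {"0": "\x00"})             # stripslashes() model
    literal = _escape(value, REAL_ESCAPE)                    # mysql_real_escape_string()
    return _unescape(literal, UNESCAPE)                      # server parses the literal


if __name__ == "__main__":
    print("not covered by magic quotes:", uncovered_by_magic_quotes())
    print("both layers, no undo:", stored_value("O'Reilly", True, False))
    print("undo, then escape   :", stored_value("O'Reilly", True, True))
```

With magic quotes on and no undo step, the stored value keeps a stray backslash, so legacy code that must run under both settings strips the magic-quotes layer before escaping.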
