每次对mysql_real_escape_string的调用都需要再次访问数据库吗? [英] does Every single call to mysql_real_escape_string require another trip to the database?

问题描述

http://php.net/manual/en/function.mysql-real -escape-string.php :

mysql_real_escape_string()调用MySQL的库函数 mysql_real_escape_string，将反斜杠添加到以下内容 字符:\ x00，\ n，\ r，\，'，和\ x1a.

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

好吧，基本上，如果我曾经做过这样的事情:

Ok, so basically if i ever do something like this:

mysql_query("insert T(C)select'".mysql_real_escape_string($value)."'")

我要使用mysql_real_escape_string函数访问数据库一次，而要使用mysql_query函数又要访问数据库= 2次访问数据库?

I'm making 1 trip to the database for the mysql_real_escape_string function and another trip for the function mysql_query = 2 trips to the database?

推荐答案

使用mysql库的事实不是表示它与服务器进行往返.

The fact that it uses the mysql library does not mean it does a round trip with the server.

它运行mysql客户端库中的代码，并以与php解释器相同的过程加载.不过，您确实需要连接-该功能需要知道一些服务器设置才能正常运行.但是这些设置会缓存在PHP端的连接信息中.

It runs code from the mysql client library, loaded in the same process as your php interpreter. You do need a connection though - that function needs to know some server settings to operate properly. But those settings are cached in the connection information on the PHP side.

如果您要验证这一点(并且您使用的是Linux)，请编写一个简单的脚本，如:

If you want to verify this (and you're on linux), write a simple script like:

<?php
$link = mysql_connect('localhost', 'user', 'pass');
echo "Connection done\n";
echo mysql_real_escape_string("this ' is a test");
?>

并通过strace运行它:

$ strace php t.php
....            # here comes the connection to mysql, socket fd == 3
connect(3, {sa_family=AF_FILE, path="/var/run/mysqld/mysqld.sock"}, 110) = 0
fcntl(3, F_SETFL, O_RDWR)               = 0
setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
....            # talking with mysql here
poll([{fd=3, events=POLLIN}], 1, 60000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "8\0\0\0\n5.1.58-log\0\3\0\0\0K-?4'fL+\0\377\367!"..., 16384) = 60
...
read(3, "\7\0\0\2\0\0\0\2\0\0\0", 16384) = 11
                # first php echo
write(1, "Connection done\n", 16Connection done    )       = 16
                # second php echo
write(1, "this \\' is a test", 17this \' is a test)      = 17
munmap(0x7f62e187a000, 528384)          = 0
....

唯一重要的是，由echo语句引起的两个write之间没有其他系统调用-没有系统调用(无论如何从linux中的用户空间)就不可能进行网络通信.

The only important thing there is that the two writes caused by the echo statements have no other syscall in between - no network communication is possible without a syscall (from userspace in linux anyway).

这篇关于每次对mysql_real_escape_string的调用都需要再次访问数据库吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！