我应该使用mysqli_real_escape_string还是应该使用准备好的语句? [英] Should I use mysqli_real_escape_string or should I use prepared statements?

问题描述

我应该使用mysqli_real_escape_string还是应该使用准备好的语句?

Should I use mysqli_real_escape_string or should I use prepared statements?

我看过一个教程，现在解释准备好的语句，但是我看到它们的作用与mysqli_real_escape_string相同，但是它使用了更多的行

I've seen a tutorial now explaining prepared statements but I've seen them do the same thing as mysqli_real_escape_string but it uses more lines

准备好的陈述有什么好处吗? 您认为最好的方法是什么?

Are there any benefits for prepared statements? What do you think is the best method to use?

推荐答案

准备好的语句.因为无处可逃是一回事.实际上，转义与任何注入绝对无关，也不应该用于保护.

Prepared statements only. Because nowhere escaping is the same thing. In fact, escaping has absolutely nothing to do with whatever injections, and shouldn't be used for protection.

在适当的情况下，准备好的语句可提供100％的安全性.

While prepared statements offer the 100% security when applicable.

这篇关于我应该使用mysqli_real_escape_string还是应该使用准备好的语句?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！