PostgreSQL是否有PHP mysql_real_escape_string？ [英] Is there PHP mysql_real_escape_string for postgresql?

问题描述

是否有用于PostgreSQL的PHP​​ mysql_real_escape_string？
如果是，那么如何？请举个例子吗？ &还是该字符串的工作

Is there PHP mysql_real_escape_string for postgresql? if yes then how ? please Give the Examples? & also the work of this string

推荐答案

或者，您也可以使用准备好的语句（ pg_prepare ）和占位符（ $ 1 ， $ 2 等），然后在 pg_execute 。这将是我的首选方式，因为它不仅更清洁，而且从长远来看也更安全，因为如果您始终在准备好的语句中使用占位符，就没有机会进行SQL注入。

Alternatively you could use prepared statements (pg_prepare) and placeholders ($1, $2, etc), and then give the arguments for the query in pg_execute. This would be my preferred way as it's not only cleaner, but also safer in the long run since there's no chance for SQL injections if you always use placeholders in prepared statements.

这篇关于PostgreSQL是否有PHP mysql_real_escape_string？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！