我应该使用 mysqli_real_escape_string 还是应该使用准备好的语句? [英] Should I use mysqli_real_escape_string or should I use prepared statements?

问题描述

我应该使用 mysqli_real_escape_string 还是应该使用准备好的语句?

Should I use mysqli_real_escape_string or should I use prepared statements?

我看过一个教程，现在解释了准备好的语句，但我看到它们和 mysqli_real_escape_string 做同样的事情，但它使用了更多行

I've seen a tutorial now explaining prepared statements but I've seen them do the same thing as mysqli_real_escape_string but it uses more lines

准备好的报表有什么好处吗?您认为最好的方法是什么?

Are there any benefits for prepared statements? What do you think is the best method to use?

推荐答案

准备好的语句.因为无处逃避是一回事.实际上，逃避与任何注射都没有关系，不应该用于保护.

Prepared statements only. Because nowhere escaping is the same thing. In fact, escaping has absolutely nothing to do with whatever injections, and shouldn't be used for protection.

虽然准备好的语句在适用时提供 100% 的安全性.

While prepared statements offer the 100% security when applicable.

这篇关于我应该使用 mysqli_real_escape_string 还是应该使用准备好的语句?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！