mysql_real_escape_string()的实际作用是什么? [英] what does mysql_real_escape_string() really do?
问题描述
我有时不喜欢文档(当您是初学者时)的一件事是它实际上并没有用英语描述事物.有人介意为我翻译这份文档吗?我想知道这究竟如何使黑客更难以插入字符.
One thing that I hate about documentation at times (when you're a beginner) is how it doesn't really describe things in english. Would anyone mind translating this documentation for me? I'd like to know how exactly this makes things harder for a hacker to insert characters.
http://php.net/manual/zh/function.mysql-real-escape-string.php
如果是这种情况,黑客将如何尝试插入字符?
Also, if this is the case, how would a hacker try to insert characters?
推荐答案
该函数在传递给该函数的字符串中的某些潜在危险字符之前添加转义字符,反斜杠\.转义的字符是
The function adds an escape character, the backslash, \, before certain potentially dangerous characters in a string passed in to the function. The characters escaped are
\ x00,\ n,\ r,\,',和\ x1a.
\x00, \n, \r, \, ', " and \x1a.
这可以帮助防止通常通过使用'字符将恶意代码附加到SQL查询来执行的SQL注入攻击.
This can help prevent SQL injection attacks which are often performed by using the ' character to append malicious code to an SQL query.
这篇关于mysql_real_escape_string()的实际作用是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!