在MySQL查询中，围绕表名的反引号的重要性 [英] Importance of backtick around table name in MySQL query

问题描述

在MySQL查询中，将反引号放在表名周围有多重要.它与安全性有关吗?如果表名是根据用户输入在PHP中动态创建的，则可以通过表名进行MySQL注入攻击吗?

In MySQL queries, how important is it to put backticks around a table name. Does it have something to do with security? Are MySQL injection attacks possible through the table name if the table name is created dynamically in PHP based on user inputs?

推荐答案

例如，反引号可以帮助您避免意外使用名称(该名称在SQL中是保留字).以一个名为"where"的表为例，这是我同意的表的愚蠢名称，但是如果将其包装在反引号中，它将很好地工作.

The backticks help you from accidentally using a name that is a reserved word in SQL for example. Take a table named "where", it's a stupid name for a table I agree, but if you wrap it in backticks it will work fine.

这篇关于在MySQL查询中，围绕表名的反引号的重要性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！