Today, mysql_real_escape_string() is escaping single quotes AND double quotes
Problem description
$str = 'BEGIN This is a "quote" test. \'Single\' END';
echo $str . "\n";
echo mysql_real_escape_string($str);
// Outputs:
// BEGIN This is a "quote" test. 'Single' END
// BEGIN This is a \"quote\" test. \'Single\' END
Running PHP 5.3.2 on CentOS. As far as I can remember, mysql_real_escape_string() will only escape single quotes to prevent SQL injections. Double quotes have nothing to do with that, because " does not start or end a string literal in MySQL!
This is causing backslashes to get inserted into the data! Something I clearly do not want.
Recommended answer
" does start a string in MySQL. (See: Strings)
Exception:
If the ANSI_QUOTES SQL mode is enabled, string literals can be quoted only within single quotation marks because a string quoted within double quotation marks is interpreted as an identifier.
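The point of the answer above, as an added example that is not part of the original question or answer: a simplified Python model of how MySQL lexes a string literal, showing why an escaper that skipped " would be unsafe inside a double-quoted literal, and that the server decodes \" back to " when it reads the literal. The table `t`, column `c`, and the helper `escape_single_only` are hypothetical; the model assumes the default sql_mode without NO_BACKSLASH_ESCAPES and single-byte text.

```python
# Simplified model of MySQL string-literal lexing (added example).
# Assumes default sql_mode without NO_BACKSLASH_ESCAPES and single-byte text.
# Characters the MySQL C API's mysql_real_escape_string() backslash-escapes.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
# How the server decodes escape sequences; \% and \_ keep their backslash.
UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "Z": "\x1a", "t": "\t",
             "b": "\b", "%": "\\%", "_": "\\_"}
SAMPLE = 'BEGIN This is a "quote" test. \'Single\' END'  # string from the question

def escape_all(value):
    """Model of mysql_real_escape_string(): escapes both quote characters."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def escape_single_only(value):
    """Hypothetical escaper that handles backslash and ' but leaves " alone."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def read_literal(sql, start, ansi_quotes=False):
    """Decode the literal opening at sql[start]; return (value, end_index)."""
    quote = sql[start]
    if quote != "'" and (quote != '"' or ansi_quotes):
        raise ValueError("not a string literal in this sql_mode")
    out, i = [], start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):  # backslash escape sequence
            out.append(UNESCAPES.get(sql[i + 1], sql[i + 1]))
            i += 2
        elif ch == quote and sql[i + 1:i + 2] == quote:  # doubled quote
            out.append(quote)
            i += 2
        elif ch == quote:  # closing quote
            return "".join(out), i + 1
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated literal")

def demo():
    """Embed SAMPLE in a double-quoted literal with each escaper and lex it."""
    results = {}
    for name, esc in (("full", escape_all), ("single_only", escape_single_only)):
        sql = 'INSERT INTO t (c) VALUES ("' + esc(SAMPLE) + '")'  # t, c: made up
        value, end = read_literal(sql, sql.index('"'))
        results[name] = (value, sql[end:])
    return results
if __name__ == "__main__":
    print(demo())
```

With full escaping the literal decodes to the original string with no backslashes left in the value; with single-quote-only escaping the literal closes at the first unescaped " and the remainder of the input falls outside it.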