今天，mysql_real_escape_string()转义了单引号和双引号 [英] Today, mysql_real_escape_string() is escaping single quotes AND double quotes

问题描述

$str = 'BEGIN This is a "quote" test. \'Single\' END';
echo $str . "\n";
echo mysql_real_escape_string($str);

// Outputs:
BEGIN This is a "quote" test. 'Single' END
BEGIN This is a \"quote\" test. \'Single\' END

在CentOS上运行PHP 5.3.2.据我所记得，mysql_real_escape_string()将仅转义单引号以防止sql注入.双引号与此无关，因为"在MySQL中不会开始或结束字符串文字！

Running PHP 5.3.2 on CentOS. As far as I can remember, mysql_real_escape_string() will only escape single quotes to prevent sql injections. Double quotes have nothing to do with that, because " does not start or end a string literal in MySQL!

这导致反斜杠被插入到数据中！我显然不想要的东西.

This is causing backslashes to get inserted into the data! Something I clearly do not want.

推荐答案

"确实在MySQL中启动了一个字符串. (请参阅:字符串)

" does start a string in MySQL. (See: Strings)

例外:

如果ANSI_QUOTES SQL模式为 启用，字符串文字可以用引号引起来 仅在单引号内 因为一个字符串在双引号内 引号被解释为 标识符.

If the ANSI_QUOTES SQL mode is enabled, string literals can be quoted only within single quotation marks because a string quoted within double quotation marks is interpreted as an identifier.

这篇关于今天，mysql_real_escape_string()转义了单引号和双引号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！