最建议何时使用mysql_real_escape_string() [英] When are the most recommended times to use mysql_real_escape_string()

问题描述

我实际上并不熟悉此功能.并且在使用preg_replace并在添加前添加了斜线.

Im actually new to using this function.. and was using preg_replace and addslashes previous to finding it.

我最好奇的是，因为我要检查并加强我的第一个大型应用程序中发布区域的安全性，并且想知道该功能有效的最佳实例，因此强烈建议使用.我已经看到此功能适用于几种不同的情况，并且不仅在发布用户输入之前.而且在一般情况下进行查询时，因此我真的很好奇它的全部功能以及如何充分发挥其作用.

I'm mostly curious, because Im about to go through, and tighten security in the posting areas in my first large app, and wanted to know the best instances where this function is effective, and highly recommended. I've seen this function applied in a few different situations, and not just before user input is posted.. but when queries are done in general, so Im really curious about its full possibilities, and how to implement it to its full effectiveness.

此外，我们将不胜感激任何可靠的安全方法和建议.

Also, any infallible security methods, and suggestions in general will be really appreciated.

为所有人加油！

推荐答案

理想情况下，您应该从不使用它，因为 PDO 或 mysqli )是防止发生错误的正确方法SQL注入.

Ideally you should never be using it, because Parameterized queries (either through PDO or mysqli) are the correct way to prevent SQL injection.

这篇关于最建议何时使用mysql_real_escape_string()的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！