何时使用mysqli_real_escape_string? [英] When to use mysqli_real_escape_string?

问题描述

可能重复:
防止PHP中的SQL注入的最佳方法

Possible Duplicate:
Best way to prevent SQL Injection in PHP

我想知道有关sql注入的问题，想知道何时使用mysqli_real_escape_string.

I am wondering about sql injection and want to know when to use mysqli_real_escape_string.

每次查询中有WHERE子句时都需要使用它吗?

Do I need to use it every time I have a WHERE clause in my query?

推荐答案

对于来自用户或不受信任的任何数据，都应使用mysqli_real_escape_string.

You should use mysqli_real_escape_string for any data that comes from the user or can't be trusted.

这篇关于何时使用mysqli_real_escape_string?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！