何时使用 mysql_real_escape_string? [英] When to use mysql_real_escape_string?

问题描述

我应该什么时候使用 mysql_real_escape_string?

When should i use mysql_real_escape_string?

是否仅在我将行插入数据库时​​?还是只有当我有用户输入时?

Is it only when i'm inserting rows into a database? Or only when i have user input?

谢谢

推荐答案

每当您构建将针对数据库运行的查询时，您都应该使用 mysql_real_escape_string().用于构建数据库查询的任何用户输入都应通过此函数运行.这将防止 sql 注入攻击.

You should use mysql_real_escape_string() whenever you're building a query that will be run against the database. Any user input that is being used to build a database query should be run through this function. This will prevent sql injection attacks.

在这方面，用户输入是您最关心的领域.

User inputs are your big area of concern when it comes to this.

这篇关于何时使用 mysql_real_escape_string?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！