如何转义 NSString 以防止 SQLInjection with Core Data [英] How to escape a NSString to prevent SQLInjection with Core Data

问题描述

从输入字段转义搜索字符串以防止 SQLInjections 的最佳方法是什么?

what is the best way to escape a Search String from an input field to prevent SQLInjections?

是否有类似 PHP 的 mysql_real_escape_string 方法，或者我应该手动替换/转义不同的字符，例如:OR、AND、LIKE、WHERE、DELETE、INSERT、UPDATE、FROM、GROUPBY、ORDER BY 等等?

Is there an mysql_real_escape_string method like in PHP or should i manually replace/escape the different characters like: OR, AND, LIKE, WHERE, DELETE, INSERT, UPDATE, FROM, GROUP BY, ORDER BY and so on?

推荐答案

以来自@Nick Weaver 的回答结束:

closed with the answer from: @Nick Weaver:

我认为你不必关心这个.

I don't think that you have to take care about that.

这篇关于如何转义 NSString 以防止 SQLInjection with Core Data的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！