在 PHP5 中为 SQLite3 转义字符串 [英] escaping strings for SQLite3 in PHP5

问题描述

为什么这两个功能我都失败了?或者这只是一种错觉?

Why does both functions fail me? Or is this just an illusion?

<?php
echo sqlite_escape_string('Hello "World" \'\' ...');
echo "\n";
echo SQLite3::escapeString('Hello "World" \'\' ...');
echo "\n";
?>

输出:

Hello "World" '''' ...
Hello "World" '''' ...

推荐答案

您应该使用 PDO 访问您的数据库，因为它具有 准备好的语句 比逃跑更安全，也更快.

You should be using PDO to access your database because it has prepared statements which are safer than escaping and also faster.

PHP 数据对象 (PDO) 扩展定义了一个轻量级的、一致的访问数据库的接口PHP.每个数据库驱动程序实现 PDO 接口可以将特定于数据库的功能公开为常规扩展函数.

The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver that implements the PDO interface can expose database-specific features as regular extension functions.

使用 PDO 的另一大优势是您可以轻松地在数据库(例如 MySQL、PostGRESQL 和 SQLite)之间切换，而无需更改大量代码.

Another big adventage when using PDO is that you can switch between databases(MySQL vs PostGRESQL vs SQLite for example) easily without changing much of your code.

可以在 nettuts.如果你问我，这是一个非常好的阅读/介绍！

A quick introduction how to use PDO can be read over at nettuts. A very good read/introduction if you ask me!

这篇关于在 PHP5 中为 SQLite3 转义字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！