htmlspecialchars或mysql_real_escape_string? [英] htmlspecialchars or mysql_real_escape_string?
本文介绍了htmlspecialchars或mysql_real_escape_string?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我不确定在这种情况下使用哪一种?
$ b $
$ query1 =SELECT * FROM messages WHERE
messages.custid ='。htmlspecialchars($ _ SESSION [' customerid'])。'
ORDER BY messages.id LIMIT $ start,$ limit;
解决方案
使用mysql_real_escape_string ..但真的,不要做
改为安装Pear的PDO库,然后使用为您的查询准备好声明
I am unsure which one to use in this situation???
$query1 = "SELECT * FROM messages WHERE
messages.custid='".htmlspecialchars($_SESSION['customerid'])."'
ORDER BY messages.id LIMIT $start, $limit ";
解决方案
use mysql_real_escape_string .. But really, don't do that
instead, install Pear's PDO library, then use a prepared statement for your query
这篇关于htmlspecialchars或mysql_real_escape_string?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
