All geek questions in one place

How mysql_real_escape_string works

How does mysql_real_escape_string work? Does mysql function delete or add // between mysql function? It is better than addlashes.

+4
source share
2 answers

mysql_real_escape_string () calls the MySQL library function mysql_real_escape_string, which adds a backslash to the following characters: \ x00, \ n, \ r, \, ', "and \ x1a.

This function should always (with a few exceptions) be used to ensure data security before sending a query to MySQL.

IMO, it's better to use this feature than trying to recreate most of the time.

+4
source

When disinfecting database entries, you should always use mysql_real_escape_string over addslashes and other non-native PHP functions if you are not using the new PDO library.

mysql_real_escape_string () calls the MySQL library function mysql_real_escape_string, which adds a backslash to the following characters: \ x00, \ n, \ r, \, ', "and \ x1a.

Source @ http://php.net/manual/en/function.mysql-real-escape-string.php

You should also know that PHP has provided its own library called PDO , which is the class that manages your database sanitation, so you don’t have to worry much.

Prepared statements are processed by the database service itself, which improves security and performance compared to all.

If you want to implement prepared statements, you will need to study and enable PDO. Another level of abstraction of your own database.

To implement PDO Click here

Read more about prepared reports. Click here.

0
source

Source: https://habr.com/ru/post/1339869/

More articles:


All Articles