Home  >  Article  >  Backend Development  >  The simplest sql anti-injection function and method in php_PHP tutorial

The simplest sql anti-injection function and method in php_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 17:09:48823browse

mysql tutorial_real_escape_string — Escape special characters in a string used in a SQL statement, taking into account the connection's current character set.

But note: this function does not escape % and _. In addition, it is best not to use this function for the entire SQL statement, but to escape only the string parameters passed into the SQL statement, otherwise unexpected results will occur.

$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf ("Escaped string: %sn", $escaped_item);
?>

The addslashes() function adds a backslash before the specified predefined characters.

These predefined characters are:

Single quote (')
Double quotes (")
backslash ()
NULL

By default, the PHP directive magic_quotes_gpc is on, automatically running addslashes() on all GET, POST and COOKIE data. Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, as this will result in double escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect it.

$str="jane & 'tarzan'"; //Define html string
echo html_entity_decode($str); //Output the converted content
echo "
";
echo html_entity_decode($str,ent_quotes); //Content output with optional parameters

For more details, please see: http://www.bKjia.c0m/phper/php-function/36439.htm

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629708.htmlTechArticlemysql tutorial_real_escape_string escapes special characters in strings used in SQL statements, taking into account the current connection Character set. But note: this function does not escape % and _. Also...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn