Home >Backend Development >PHP Problem >What functions in php can prevent SQL injection?

What functions in php can prevent SQL injection?

(*-*)浩
(*-*)浩Original
2019-09-27 10:27:363355browse

What functions in php can prevent SQL injection?

Don’t believe what the user enters during login, the user’s input needs to be processed

SQL injection: (Recommended learning: PHP programming from entry to proficiency)

' or 1=1 #

Several functions to prevent SQL injection:

addslashes( $string): Use backslashes to quote special characters in the string ' " \

$username=addslashes($username);

mysql_escape_string($string): Use backslashes to escape characters in the string Special characters, used in mysql_query() queries.

$username=mysql_escape_string($username);

mysql_real_escape_string($string): Escape special characters in strings used in SQL statements, taking into account the current character of the connection Set, you need to ensure that the current connection state can be used before using this function, otherwise a warning will be reported. Do not escape % and _

$username=mysql_real_escape_string($username);

For example:

<?php
 $clean = array();
$mysql = array();

$clean[&#39;last_name&#39;] = "O&#39;Reilly";
$mysql[&#39;last_name&#39;] = mysql_real_escape_string($clean[&#39;last_name&#39;]);

$sql = "INSERT
      INTO   user (last_name)
      VALUES (&#39;{$mysql[&#39;last_name&#39;]}&#39;)";
 ?>

The above is the detailed content of What functions in php can prevent SQL injection?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn