php mysql escape method

php mysql escape method: 1. Use the mysql library function "mysql_escape_string" or "mysqli_real_escape_string" to escape, the syntax is "mysql_escape_string($str)" or "mysqli_real_escape_string($str)"; 2. Use escape The defined function "addslashes()" is escaped, and the syntax is "addslashes($str)".

#The operating environment of this article: Windows 7 system, PHP8, Dell G3 computer.

php accesses the mysql database to escape special characters in the string

Escape special characters: single quotes ('), double quotes ("), backslashes (\) to facilitate database query

Method 1: Use the mysql library function

PHP version is before 7.0:

mysql_escape_string ( string $unescaped_string ) : string

PHP version is before After 7.0:

mysqli_real_escape_string ( mysqli $link , string $escapestr ) : string

Method 2: Use the escape function addslashes()

Suitable versions PHP4, PHP5, PHP7

addslashes ( string $str ) : string

PHP before 5.4 The directive magic_quotes_gpc is on by default. In fact, all GET, POST and COOKIE data are addedlashes(). Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, because this will cause double-level escaping. When this happens, you can use the function get_magic_quotes_gpc() to detect it. That is, when get_magic_quotes_gpc() returns false, use addslashes() to escape special characters. The example is as follows:

function myaddslashes($data)
{
    if(false == get_magic_quotes_gpc())
    {
        return addslashes($data);//未启用魔术引用时,转义特殊字符
    }
    return $data;
}

Recommended: "PHP Video tutorial》

The above is the detailed content of php mysql escape method. For more information, please follow other related articles on the PHP Chinese website!