Home >Backend Development >PHP Problem >php mysql escape method
php mysql escape method: 1. Use the mysql library function "mysql_escape_string" or "mysqli_real_escape_string" to escape, the syntax is "mysql_escape_string($str)" or "mysqli_real_escape_string($str)"; 2. Use escape The defined function "addslashes()" is escaped, and the syntax is "addslashes($str)".
#The operating environment of this article: Windows 7 system, PHP8, Dell G3 computer.
php accesses the mysql database to escape special characters in the string
Escape special characters: single quotes ('), double quotes ("), backslashes (\) to facilitate database query
Method 1: Use the mysql library function
PHP version is before 7.0:
mysql_escape_string ( string $unescaped_string ) : string
PHP version is before After 7.0:
mysqli_real_escape_string ( mysqli $link , string $escapestr ) : string
Method 2: Use the escape function addslashes()
Suitable versions PHP4, PHP5, PHP7
addslashes ( string $str ) : string
PHP before 5.4 The directive magic_quotes_gpc is on by default. In fact, all GET, POST and COOKIE data are addedlashes(). Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, because this will cause double-level escaping. When this happens, you can use the function get_magic_quotes_gpc() to detect it. That is, when get_magic_quotes_gpc() returns false, use addslashes() to escape special characters. The example is as follows:
function myaddslashes($data) { if(false == get_magic_quotes_gpc()) { return addslashes($data);//未启用魔术引用时,转义特殊字符 } return $data; }
Recommended: "PHP Video tutorial》
The above is the detailed content of php mysql escape method. For more information, please follow other related articles on the PHP Chinese website!