mysql mysql_real_escape_string() 转义问题

Question

一条查询语句 ， select orderid from order where date = 20170302 AND aid ='14218902787457024'; 因为aid字段是varchar，所以为了使用索引，在传入查询条件时，需要将aid字段值用引号包起来。 {代码...}

大家讲道理 · Answer

mysql_real_escape_string escapes all special characters
The following characters are affected:
x00
n
r

'
"
x1a
If you want to escape, please escape the query parameters before bringing them into sql. Such as
$aid = mysql_real_escape_string("14218902787457024");
$date = mysql_real_escape_string("20170302");
select orderid from order where date = $date AND aid ='$aid'

mysql mysql_real_escape_string() 转义问题

reply all(1)I'll reply