Guide to mysql_escape_string in PHP 8
(PHP 4 >= 4.0.3, PHP 5)

mysql_escape_string — Escapes a string for use in a mysql_query

Description

mysql_escape_string(string

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.

Parameters

unescaped_string
The string that is to be escaped.

Return Values

Returns the escaped string.

Examples

Example #1 mysql_escape_string() example

The above example will output:

Escaped string: Zak\'s Laptop Notes
(PHP 4 >= 4.3.0, PHP 5)

mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement

Description

mysql_real_escape_string(string

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters:

This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.

Caution
Security: the default character set

The character set must be set either at the server level, or with the API function mysql_set_charset() for it to affect mysql_real_escape_string(). See the concepts section on character sets for more information.

Parameters

unescaped_string
The string that is to be escaped.

link_identifier
The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() had been called with no arguments. If no connection is found or established, an

Return Values

Returns the escaped string, or

Errors/Exceptions

Executing this function without a MySQL connection present will also emit

Examples

Example #1 Simple mysql_real_escape_string() example
Example #2 mysql_real_escape_string() requires a connection example

This example demonstrates what happens if a MySQL connection is not present when calling this function.

The above example will output something similar to:

Warning: mysql_real_escape_string(): No such file or directory in /this/test/script.php on line 5
Warning: mysql_real_escape_string(): A link to the server could not be established in /this/test/script.php on line 5
bool(false)
string(41) "SELECT * FROM actors WHERE last_name = ''"

Example #3 An example SQL Injection Attack
The query sent to MySQL:

SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''

This would allow anyone to log in without a valid password.
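The login check behind Example #3, as an added example that is not from the PHP manual: the same query built by string concatenation next to a prepared statement with bound parameters. The mysql_* functions were removed in PHP 7.0, so it uses PDO; the in-memory SQLite database standing in for MySQL, the sample row, and the function names `loginConcatenated` and `loginPrepared` are assumptions made so it runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not from the PHP manual. Assumption: the pdo_sqlite
// extension is available; an in-memory SQLite table stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT NOT NULL)');
// Constructed sample row. Real systems store password_hash() output, not plaintext.
$pdo->exec("INSERT INTO users (user, password) VALUES ('aidan', 'correct-horse')");

/** Vulnerable form: input is concatenated into the SQL text. */
function loginConcatenated(PDO $pdo, string $user, string $password): bool
{
    $sql = "SELECT * FROM users WHERE user='$user' AND password='$password'";
    return $pdo->query($sql)->fetch() !== false;
}

/** Hardened form: the SQL text is fixed and values travel as bound parameters. */
function loginPrepared(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE user = :user AND password = :password');
    $stmt->execute([':user' => $user, ':password' => $password]);
    return $stmt->fetch() !== false;
}

// Password value that yields the query shown in Example #3:
//   ... WHERE user='aidan' AND password='' OR ''=''
$crafted = "' OR ''='";

$cases = [
    'valid password'   => 'correct-horse',
    'wrong password'   => 'guess',
    'crafted password' => $crafted,
];
foreach ($cases as $label => $password) {
    printf(
        "%-17s concatenated=%-5s prepared=%s\n",
        $label,
        var_export(loginConcatenated($pdo, 'aidan', $password), true),
        var_export(loginPrepared($pdo, 'aidan', $password), true)
    );
}
```

With bound parameters the crafted value is compared as a literal password and never becomes part of the SQL syntax, so no escaping function or character-set setting is involved in keeping the query intact.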