Is mysql

 

This question already has an answer here:

  • SQL injection that gets around mysql_real_escape_string() 4 answers

    • mysql_real_escape_string is safe to use if used properly (ie, everywhere you're inserting PHP variables into your queries), but as has been pointed out in the comments it's not the only thing you need to worry about. For example, HTML markup could be inserted into your DB and used for Cross Site Scripting attacks.

    You might also want to consider prepared statements as an alternative to mysql_real_escape_string, as they will automatically escape input for you so there's no chance of accidentally forgetting to escape a parameter.

    链接地址: http://www.djcxy.com/p/93446.html

    上一篇: PHP

    下一篇: 是mysql