dongshi1606 2009-07-09 20:58
9 views
Accepted

How do you sanitize your data?

This is the function I currently use (from a PHP book I bought):

// Method of the book's database wrapper class: $this->linkid holds the
// connection resource returned by mysql_connect(). (The mysql_* extension
// was removed in PHP 7.)
function escape($data) {
    // trim whitespace, then escape quotes/backslashes for this connection's charset
    return mysql_real_escape_string(trim($data), $this->linkid);
}

But I feel like it could be safer. For example, maybe use htmlspecialchars. It always makes me paranoid. I've read that mysql_real_escape_string is bad and never to use it, but then I've also read it's the best way. Lots of confusion regarding data sanitizing when inserting data into the database.

So how do you do it? And what are the pros and cons of the way you do it?


8 answers

  • doudou0111 2009-07-09 21:06

    You're talking about two different types of escaping.

    mysql_real_escape_string() escapes data so it'll be safe to send to MySQL.

    htmlspecialchars() escapes data so it'll be safe to send to something that renders HTML.

    Both work fine for their respective purposes, but parameterized queries via something like mysqli are quite a bit neater.

    Accepted answer (selected by the asker)
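    The two contexts the accepted answer separates, as an added example that is not the asker's code or the book's wrapper class. It uses mysqli prepared statements for the SQL side (the mysql_* functions were removed in PHP 7) and htmlspecialchars only at HTML output; the table `users(id, name)` and the connection parameters are assumed placeholders.

```php
<?php
// Added example: SQL-side protection via prepared statements, HTML-side
// protection via htmlspecialchars at output time. Table and credentials below
// are assumed placeholders, not from the original post.
declare(strict_types=1);

// Context 1: data going INTO SQL. The query text and the value travel
// separately, so $name is never spliced into the SQL string and no escaping
// function is needed.
function insertUser(mysqli $db, string $name): int
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (?)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $name); // 's' = bind as string
    $stmt->execute();
    $id = $db->insert_id;
    $stmt->close();
    return $id;
}

function findUser(mysqli $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);   // 'i' = bind as integer
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $name : null;
}

// Context 2: data going OUT to an HTML page. Escape here, not before storing,
// so the database keeps the original string and other consumers are not
// handed pre-encoded text.
function renderName(string $name): string
{
    return '<li>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4'); // charset must match what the escaping assumes

// Constructed input holding both a SQL quote and an HTML tag.
$input = trim(" O'Brien <b>bold</b> ");
$id = insertUser($db, $input);             // stored verbatim: O'Brien <b>bold</b>
echo renderName(findUser($db, $id) ?? ''); // tag is shown as text, not rendered
```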
