doubu7134 2015-03-27 12:35
浏览 39
已采纳

将mysql_real_escape_string()用于用户输入是否安全

Recently I am developing little question generation program on PHP. It uses some LaTeX formatted math formulas.

  • I had a problem with inserting LaTeX formulas, because no backslash was inserted to MySQL database.

  • I've described this issue here :

    Backslashes are auto-removed while inserting LaTeX formulas to MySQL with PHP

  • I found a solution by using mysql_real_escape_string(). But this arises another question.

  • If backslashes now could be inserted, is my program vulnerable for sql injections or any other tricky input that users could make?
  • 写回答

1条回答 默认 最新

  • dstm2014 2015-03-27 15:11
    关注

    This function is generally designed specifically for sanitising user input and should always be used, as per the documentation: http://php.net/manual/en/function.mysql-real-escape-string.php

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 Revit2020下载问题
  • ¥15 使用EMD去噪处理RML2016数据集时候的原理
  • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大
  • ¥15 Oracle中如何从clob类型截取特定字符串后面的字符
  • ¥15 想通过pywinauto自动电机应用程序按钮,但是找不到应用程序按钮信息
  • ¥15 如何在炒股软件中,爬到我想看的日k线
  • ¥15 seatunnel 怎么配置Elasticsearch
  • ¥15 PSCAD安装问题 ERROR: Visual Studio 2013, 2015, 2017 or 2019 is not found in the system.
  • ¥15 (标签-MATLAB|关键词-多址)
  • ¥15 关于#MATLAB#的问题,如何解决?(相关搜索:信噪比,系统容量)