dongmaomou4117 2012-02-05 16:39
浏览 47
已采纳

安全地向MySQL插入数据和从MySQL检索数据

Well, I want to know some tips about PHP and MySQL.

When I get data from user then I use the following validation:

mysql_real_escape_string()
or
htmlentities()
or
trim()

Is it a secure way to get data from the user?

And what is the best way to retrieve data from Mysql database? I used nl2br(), but if i submit I'm here Then it shows I\'m here. It should be showing I'm here. I don't know what the correct method is.

  • 写回答

1条回答 默认 最新

  • doubi4814 2012-02-05 16:43
    关注

    When inserting data into a database, you'll use mysql_real_escape_string; not htmlentities. Or even better, MySQLi - or even better, PDO.

    When you're outputting data from the database that might not be secure, you'll probably use htmlentities then.

    To stop the slashes, turn magic quotes off.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!