I know I need to use them on user input fields such as a username entry field, but what about for radio buttons such as a gender option?
我是否需要在所有表单输入上使用mysql_real_escape_string?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
8条回答 默认 最新
- duanhun3273 2011-04-11 20:13关注
Stop!
You seem to be confusing escaping with data validation and data sanitization.
You need to validate any data that comes in. Yes, this means making sure that radio buttons contain legal values.
You need to sanitize any data that comes in. Should that text field contain HTML? No?
strip_tags. Should that field be a number? Cast it as an integer.You need to escape any data that you place in the database. If you're still using the prehistoric "mysql" extension, this means using
mysql_real_escape_stringon everything as you build your query -- not before.You need to escape any data you echo to the user.
htmlspecialcharsis your friend.I've previously explained this in more detail, though this is not a duplicate question.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2011-04-11 20:04回答 8 已采纳 Stop! You seem to be confusing escaping with data validation and data sanitization. You need t
- 2015-06-22 13:21回答 2 已采纳 Your problem has nothing to do with jQuery and the form. It is just highly recommended to prevent
- 2015-06-15 13:45回答 7 已采纳 Change form type="post" to method="post" Add database connection string to your mysqli_real_escap
- 2021-03-03 23:47西庆余里的博客 因此,在我正在编写的此程序中,我实际上是使用表单从用户那里获取SQL查询。然后,我继续在数据库上运行该查询。我知道不要“信任”用户输入,因此我想对输入进行清理。我正在尝试使用,mysql_real_escape_string但...
- 2018-10-17 20:29回答 1 已采纳 You can use exit function (http://php.net/manual/en/function.exit.php) if (!ctype_digit($age)){
- 2017-04-26 07:35回答 1 已采纳 Your id is not in a field. So $_POST['record']; is empty. Use for your id field echo "<td&
- 2018-04-01 22:13回答 2 已采纳 Found problems: First code line is wrong: <? php. The php file presents then the code like a
- 2021-01-20 01:21spRachel雷切爾的博客 Tsundoku0phpsql我正在尝试使用PHP写入数据库但是如果我尝试使用mysql_real_escape_string()我没有得到任何错误但没有任何东西被保存到数据库中我不知道为什么= /特别是因为我做了同样的事情在另一个PHP文件上,它...
- 2015-09-15 21:20回答 1 已采纳 With the help of the comment section, this works just fine now. Additional info: The column type
- 2016-05-23 12:02回答 2 已采纳 You need to use either mysql_* or mysqli_* functions throughout your whole script. Use the latter
- 2015-05-14 20:19回答 1 已采纳 To make the code more readable I would do your escaping before creating the SQL query. Not require
- 2021-02-04 16:35weixin_39859128的博客 } Until today I didn't realize that mysql_real_escape_string required a database connection as I've only used it when I've been cleaning the data before storing it into the database. I tried using ...
- 2019-04-14 04:52回答 3 已采纳 As per comment above, the HTML in the question was not valid so I made appropriate changes below t
- 2021-05-08 11:52苹果岛的博客 mysql_real_escape_string介绍mysql_real_escape_string() 函数转义 SQL 语句中使用的字符串中的特殊字符。如果成功,则该函数返回被转义的字符串。如果失败,则返回 false。mysql_real_escape_string 优于...
- 2021-03-03 23:45加了个蛋的博客 HTML说明,HTML内容是一个表单,里面放置...MYSQL数据表结构CREATE TABLE IF NOT EXISTS `t_mult` (`id` int(11) NOT NULL auto_increment,`username` varchar(32) NOT NULL,`phone` varchar(20) NOT NULL,PRIMARY K...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 虚幻5 UE美术毛发渲染
- ¥15 CVRP 图论 物流运输优化
- ¥15 Tableau online 嵌入ppt失败
- ¥100 支付宝网页转账系统不识别账号
- ¥15 基于单片机的靶位控制系统
- ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
- ¥15 下图接收小电路,谁知道原理
- ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
- ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
- ¥15 手机接入宽带网线,如何释放宽带全部速度