duankuangxie9070 2015-09-17 20:03
浏览 262

如何补充或更新已弃用的`mysql_real_escape_string` [重复]

This question already has an answer here:

I'm a PHP novice, trying to validate HTML form submission via PHP learned in a tutorial.

Code uses mysql_real_escape_string which PHP.net says is deprecated.

Here's an excerpt of that entire section:

/*Cleans an array to protect against injection attacks.*/
function f_clean($array) {
    return array_map('mysql_real_escape_string', $array);
}

What, if anything, should I add or change in the PHP in order maintain this security measure?

</div>
  • 写回答

1条回答 默认 最新

  • doucheng3407 2015-09-17 20:08
    关注

    The updated non-deprecated equivalent of mysql_real_escape_string is mysqli_real_escape_string.

    However, mysqli_real_escape_string is not infallible! Even though in most practical cases by the average use, you should take precaution and use it in combination with trim(), parameterized inserts, prepared statements, and strict inputs. There are many questions and resources to help you on this.

    评论

报告相同问题?

悬赏问题

  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥15 Python3.5 相关代码写作
  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来
  • ¥15 求帮我调试一下freefem代码
  • ¥15 matlab代码解决,怎么运行
  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗