douwu8524 2015-08-28 17:00
浏览 22
已采纳

为什么我们应该在登录中使用mysqli_real_escape_string()和stripslashes()函数并注册php文件

1- Why we should use the mysqli_real_escape_string() and the stripslashes() functions in a register and login php files?

2- Does these functions change the contents of the fields? If the answer is yes as the result the contents of the fields such as the username will change and the next time if the user want to login with his/her username It can not, because the contents of the username has been changed already, for example at the time of the registering in a website and now and as the result it can not login to the website because the contents of the fields such as the username has been changed by the the mysqli_real_escape_string() and the stripslashes() functions.

I have two ambiguity in the above questions.

  • 写回答

1条回答 默认 最新

  • douduan6731 2015-08-28 17:09
    关注

    Using these functions makes your site less vulnerable to SQL injection attacks, where an attacker puts SQL syntax into a form field to compromise your site. mysqli_real_escape_string() "escapes" special characters so that MySQL interprets them as literal string characters rather than operators in the query.

    These functions only affect characters that are important to SQL commands, and will not affect legitimate input, while foiling nefarious users.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 关于使用MATLAB中copularnd函数的问题
  • ¥20 在虚拟机的pycharm上
  • ¥15 jupyterthemes 设置完毕后没有效果
  • ¥15 matlab图像高斯低通滤波
  • ¥15 针对曲面部件的制孔路径规划,大家有什么思路吗
  • ¥15 钢筋实图交点识别,机器视觉代码
  • ¥15 如何在Linux系统中,但是在window系统上idea里面可以正常运行?(相关搜索:jar包)
  • ¥50 400g qsfp 光模块iphy方案
  • ¥15 两块ADC0804用proteus仿真时,出现异常
  • ¥15 关于风控系统,如何去选择