doupu1949 2014-11-25 09:37
浏览 219
已采纳

刚刚使用mysql真正的转义字符串[关闭]

need guidance on how this mysql real escape string works on this statement, i don't want mysqli and the pdo types. i have tried it, but it is not working, need some help about this

$UserName =mysql_real_escape_string($_POST['UserName']);
$password =mysql_real_escape_string($_POST['Password']);

            // Insert data into mysql 
            $sql1="INSERT INTO UserDetail (UserName,Password,Email_Address,Verifycode,AcoountStatus)VALUES('$UserName','$encry_pass','$email','$verify_code','Inactive')";
  • 写回答

1条回答 默认 最新

  • duana1986 2014-11-25 09:59
    关注

    it is not working … the strings like />., still can be enter in the sql database

    It is working.

    mysql_real_escape_string is a function that escapes characters which have special meaning in SQL.

    / and > do not have special meaning in SQL, so it shouldn't touch them.

    If they did have special meaning, then the point of the function is to allow them to be inserted into the database. It makes changes such as converting ' (meaning "Start or end an SQL string") to \' (meaning "An apostrophe").

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器