doubu7134 2015-03-27 12:35
浏览 39
已采纳

将mysql_real_escape_string()用于用户输入是否安全

Recently I am developing little question generation program on PHP. It uses some LaTeX formatted math formulas.

  • I had a problem with inserting LaTeX formulas, because no backslash was inserted to MySQL database.
  • I've described this issue here :

    Backslashes are auto-removed while inserting LaTeX formulas to MySQL with PHP

  • I found a solution by using mysql_real_escape_string(). But this arises another question.

  • If backslashes now could be inserted, is my program vulnerable for sql injections or any other tricky input that users could make?
  • 写回答

1条回答 默认 最新

  • dstm2014 2015-03-27 15:11
    关注

    This function is generally designed specifically for sanitising user input and should always be used, as per the documentation: http://php.net/manual/en/function.mysql-real-escape-string.php

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题