Im simply passing user data into an SQL database and collecting the data for admin view only, i am usin mysql_real_escape_string() to escape the data, I was told today that htmlentities is better to use, i have always heard the opposite. could do go a little more in depth on this with me. Also as a sid enote, if someone could provide a really good tutorial for PDO that would be wonderful
2条回答 默认 最新
- dongzhuanlei0768 2013-01-12 18:45关注
The two do entirely different things. One escapes data for putting into a SQL statement (which is a bad in general: see http://bobby-tables.com) and the other escapes data for putting into an HTML document. You're basically asking "Should I use a spoon or a fork?"
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 mmocr的训练错误,结果全为0
- ¥15 python的qt5界面
- ¥15 无线电能传输系统MATLAB仿真问题
- ¥50 如何用脚本实现输入法的热键设置
- ¥20 我想使用一些网络协议或者部分协议也行,主要想实现类似于traceroute的一定步长内的路由拓扑功能
- ¥30 深度学习,前后端连接
- ¥15 孟德尔随机化结果不一致
- ¥15 apm2.8飞控罗盘bad health,加速度计校准失败
- ¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
- ¥15 谁有desed数据集呀