
Is `mysql_real_escape_string()` Still Secure Against SQL Injection?

Susan Sarandon
Release: 2024-12-07 14:41:11

Is mysql_real_escape_string() a Broken Function?

Concerns have been raised about whether mysql_real_escape_string() mitigates SQL injection vulnerabilities even when it is used properly. Skeptics cite antiquated articles as evidence of its flaws.

Can mysql_real_escape_string() Still Be Utilized?

To answer this question, we delve into the MySQL C API documentation for mysql_real_escape_string():

"If you need to change the character set of the connection, use mysql_set_character_set() instead of executing SET NAMES."

Code Demonstration:

mysql_real_escape_string()

Explanation:

According to the documentation, mysql_set_character_set() changes the character set that mysql_real_escape_string() uses, whereas SET NAMES does not. In PHP applications, therefore, change the encoding with mysql_set_charset(), the PHP counterpart of that C API call, rather than with a SET NAMES query.

Conclusion:

While mysql_real_escape_string() may not be completely broken, it is imperative to use it in conjunction with mysql_set_character_set() (mysql_set_charset() in PHP) to ensure proper character set handling and prevent potential SQL injection vulnerabilities.
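To check legacy code against this advice, the following added example (not from the original article) is a small Python audit that flags PHP source which sets the connection character set with a SET NAMES query while relying on mysql_real_escape_string(). The function name `audit`, the messages and the sample PHP files are hypothetical and constructed for illustration.

```python
import re

# SQL-level charset change: the server is told, the client library is not.
SET_NAMES = re.compile(r"mysql_query\s*\(\s*[\"']\s*SET\s+NAMES\b", re.I)
# API-level charset change: the escaping routine sees this one.
SET_CHARSET = re.compile(r"\bmysql_set_charset\s*\(", re.I)
ESCAPE = re.compile(r"\bmysql_real_escape_string\s*\(", re.I)

def audit(php_source):
    """Return sorted (line_number, message) findings for one PHP file's text."""
    set_names, escapes, api_charset = [], [], False
    for number, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip whole-line comments
        if SET_NAMES.search(line):
            set_names.append(number)
        if SET_CHARSET.search(line):
            api_charset = True
        if ESCAPE.search(line):
            escapes.append(number)
    if not escapes:
        return []  # nothing escaped here, so the charset question does not arise
    findings = [(n, "SET NAMES does not reach mysql_real_escape_string(); "
                    "use mysql_set_charset()") for n in set_names]
    if not api_charset and not set_names:
        findings.append((escapes[0], "mysql_real_escape_string() used, but "
                         "mysql_set_charset() is never called in this file"))
    return sorted(findings)

# Constructed sample files (hypothetical; not from the article).
WEAK = '''<?php
$link = mysql_connect("db.example", "app", "placeholder-password");
mysql_query("SET NAMES utf8", $link);
$name = mysql_real_escape_string($_GET["name"], $link);
mysql_query("SELECT * FROM users WHERE name = '$name'", $link);
'''
FIXED = WEAK.replace('mysql_query("SET NAMES utf8", $link);',
                     'mysql_set_charset("utf8", $link);')

if __name__ == "__main__":
    for label, source in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(source))
```

The check is line-based and per file, so a charset set in an included file will not be seen; treat the second finding as a prompt to look, not a verdict.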

source:php.cn