Home > Backend Development > PHP Tutorial > Implementation code for escaping mysql statements in php_PHP tutorial

Implementation code for escaping mysql statements in php_PHP tutorial

WBOY
Release: 2016-07-21 15:27:56
Original
922 people have browsed it

It is impossible for you to manually escape every such special character, not to mention that you usually deal with content that is automatically submitted by the form.

So, the mysql_real_escape_string function should be used:

mysql_real_escape_string — Escapes special characters in a string used in a SQL statement, taking into account the current character set of the connection.

But note: this function does not escape % and _. In addition, it is best not to use this function on the entire SQL statement, but only escape the string parameters passed into the SQL statement, otherwise unexpected results will occur.

Script example:

Copy code The code is as follows:

$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf ("Escaped string: %sn", $escaped_item);
?>

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/323641.htmlTechArticleYou can’t manually escape every such special character, not to mention what you usually deal with Content automatically submitted by the form. Therefore, the mysql_real_escape_string function should be used...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template