Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

php mysql_real_escape_string function usage and example tutorial_PHP tutorial

WBOY
Release: 2016-07-21 16:13:29
Original
879 people have browsed it

Escape special characters in unescaped_string, taking into account the current character's connection settings so that it is safe in place in mysql_query() it. If binary data is to be inserted, this function must be used

The following characters are affected:

  • x00
  • n
  • r
  • '
  • "
  • x1a

If successful, the function returns the escaped string. If failed, returns false.

Grammar

mysql_real_escape_string(string,connection)
Copy after login
参数 描述
string 必需。规定要转义的字符串。
connection 可选。规定 MySQL 连接。如果未规定,则使用上一个连接。

Description

This function escapes special characters in a string and takes into account the current character set of the connection, so it is safe to use with mysql_query().

Tips and Notes

Tip: You can use this function to prevent database attacks.

Example

Example 1

Copy code The code is as follows:

$con = mysql_connect("localhost", "hello ", "321");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

// Code to get username and password

// Escape username and password for use in SQL
$user = mysql_real_escape_string($user);
$pwd = mysql_real_escape_string($pwd);

$sql = "SELECT * FROM users WHERE
user='" . $user . "' AND password='" . $pwd . "'"

//More codes

mysql_close($con);
?>

Example 2
Database attack. This example shows what happens if we don't apply the mysql_real_escape_string() function to the username and password:

Copy code The code is as follows:

$con = mysql_connect("localhost", "hello ", "321");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

$sql = "SELECT * FROM users
WHERE user='{$_POST['user']}'
AND password='{$_POST['pwd']}'";
mysql_query($sql);

// Does not check username and password
// Can be anything entered by the user, such as:
$_POST['user'] = 'john';
$_POST['pwd'] = "' OR ''='";

// Some code...

mysql_close($con);
?>

Then the SQL query will look like this:

SELECT * FROM users
WHERE user='john' AND password='' OR ''='' This means that any user can log in without entering a valid password.

Example 3
Correct way to prevent database attacks:

Copy code The code is as follows:

function check_input($value)
{
// Remove slashes
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// If not a number, add quotes
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}

$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
die('Could not connect: ' . mysql_error()) ;
}

// Perform secure SQL
$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = " SELECT * FROM users WHERE
user=$user AND password=$pwd";

mysql_query($sql);

mysql_close($con);
?>

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/313495.htmlTechArticleEscape special characters in unescaped_string, taking into account the current character's connection settings so that it is safe in place mysql_query() it. If binary data is to be inserted, this function...
Related labels:
escape mysql php string and function exist character Example Tutorial usage escape
source:php.cn
Previous article:PHP file upload main code explanation_PHP tutorial Next article:When the folder name created by php contains the word "黑", the word "黑" is more likely to appear repeatedly. What is the reason?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...
From 2024-04-06 22:09:02
0
1
1428
Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...
From 2024-04-06 22:03:59
0
1
990
What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...
From 2024-04-06 21:55:20
0
1
778
Problems encountered when using opentbs to generate odt files: values ​​of the same key are displayed in the same row instead of separate columns. I'm using a library called OpenTbs to create odt using PHP, I'm using it because columns a...
From 2024-04-06 20:18:18
0
1
483
Group MySQL results by ID for looping over I have a table with flight data in mysql. I'm writing a php code that will group and displ...
From 2024-04-06 17:27:56
0
1
406
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template