This article describes how to use the mysql_real_escape_string() function in PHP. Refer to it if you need it.

Definition and usage

The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement.

The following characters are affected:

\x00
\n
\r
\
'
"
\x1a

If the function succeeds, it returns the escaped string. If it fails, it returns false.

Syntax

mysql_real_escape_string(string, connection)

Parameter description

string: Required. Specifies the string to be escaped.
connection: Optional. Specifies the MySQL connection. If not specified, the previous connection is used.

This function escapes special characters in string, taking the connection's character set into account. Therefore, it can be safely used with mysql_query().

Tips and comments

Tip: You can use this function to prevent database attacks.

The following describes several examples of the mysql_real_escape_string() function for your reference.

Example 1:

Example 2: database attacks.

Then the SQL query will become like this:

SELECT * FROM users WHERE user = 'John' AND password = '' OR '' = ''

That is, any user can log on without entering a valid password.

Example 3:
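Example 2's bypass and the effect of escaping, as an added example that is not from the original article: the same query is built by plain concatenation, with the connection's own escaping, and as a prepared statement. It assumes PDO with an in-memory SQLite database, since the mysql_* functions need a live MySQL server and were removed in PHP 7.0, with PDO::quote() standing in for mysql_real_escape_string(); the table, credentials, input and the login_* function names are constructed for illustration.

```php
<?php
// Added example. Assumes PHP 7.1+ with the pdo_sqlite driver; all data is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user TEXT, password TEXT)");
// Plain-text password only to mirror the query shape used in the article.
$pdo->exec("INSERT INTO users VALUES ('John', 'constructed-secret')");

// Unescaped concatenation: quotes in the input become part of the SQL text.
function login_concat(PDO $pdo, string $user, string $pass): array
{
    $sql = "SELECT * FROM users WHERE user = '$user' AND password = '$pass'";
    return [$sql, count($pdo->query($sql)->fetchAll())];
}

// Driver escaping: PDO::quote() escapes and quotes the value for this connection,
// so the whole input stays inside one string literal.
function login_quoted(PDO $pdo, string $user, string $pass): array
{
    $sql = "SELECT * FROM users WHERE user = " . $pdo->quote($user)
         . " AND password = " . $pdo->quote($pass);
    return [$sql, count($pdo->query($sql)->fetchAll())];
}

// Prepared statement: the values are bound and never enter the SQL text.
function login_prepared(PDO $pdo, string $user, string $pass): int
{
    $stmt = $pdo->prepare("SELECT * FROM users WHERE user = ? AND password = ?");
    $stmt->execute([$user, $pass]);
    return count($stmt->fetchAll());
}

$user = "John";
$pass = "' OR ''='";   // constructed form input that produces the article's query

[$sql, $rows] = login_concat($pdo, $user, $pass);
echo "concatenated: $sql\n  rows matched: $rows\n";
[$sql, $rows] = login_quoted($pdo, $user, $pass);
echo "quoted:       $sql\n  rows matched: $rows\n";
echo "prepared:     rows matched: " . login_prepared($pdo, $user, $pass) . "\n";
```

Only the concatenated form matches a row for the wrong password. On a MySQL connection the equivalent calls are mysqli_real_escape_string() or, preferably, a prepared statement.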