我正在重写Web应用程序,想知道mysqli_real_escape_string函数是否进行客户端 - 服务器往返?
我正在使用它。
<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", mysqli_sqlstate($link));
}
$city = mysqli_real_escape_string($link, $city);
/* this query with escaped $city will work */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d Row inserted.\n", mysqli_affected_rows($link));
}
mysqli_close($link);
?>
mysqli_real_escape_string客户端 - 服务器往返?
所以如果我使用mysqli_real_escape_string 4次那么将有4次客户端 - 服务器往返?
答案 0 :(得分:2)
根据此源代码:https://github.com/php/php-src/blob/master/ext/mysqli/mysqli_api.c
mysqli_real_escape_string来电mysql_real_escape_string。
PHP_FUNCTION(mysql_real_escape_string)在这里定义:https://github.com/php/php-src/blob/master/ext/mysql/php_mysql.c
它从mysql库调用mysql_real_escape_string。 http://dev.mysql.com/doc/refman/5.5/en/mysql-real-escape-string.html
抱歉,我无法访问launchpad.net的mysql源代码,但是我查了一下twitter mysql的源代码https://github.com/twitter/mysql/blob/master/libmysql/libmysql.c
看到了这个:
ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return (uint) escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return (uint) escape_string_for_mysql(mysql->charset, to, 0, from, length);
}
escape_quotes_for_mysql和escape_string_for_mysql在charset.c中定义,并且他们不会向远程MySQL服务器发送任何信息。
所以,一直到最后,我可以说:mysqli_real_escape_string不进行客户端 - 服务器往返。