用于处理从$ _POST输入到数据库保存的两个字符串的PHP代码是相同的。保存之前完成的唯一准备工作是:
trim(stripslashes($string))
仅供参考 - 输入来自安全的管理站点,而不是用户界面,因此防止代码注入和类似的废话不是一个大问题。获得正确的数据是。 服务器使用PHP 5.4和MySQL 5.5
有什么想法吗?
答案 0 :(得分:0)
有时候特殊字符暴力查询。所以使用real_escape_string函数。对于前 -
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", $mysqli->sqlstate);
}
$city = $mysqli->real_escape_string($city);
/* this query with escaped $city will work */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d Row inserted.\n", $mysqli->affected_rows);
}
$mysqli->close();
?>