Pitfalls of using PHP mysql_real_escape_string
2015-04-25 15:55
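The PHP function mysql_real_escape_string escapes the characters in a string that are special in SQL, to prevent SQL injection attacks.
Note: if this function is called without a MySQL connection, the return value is always false.
Without a MySQL connection
PHP code: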
$str = "list%%";
var_dump(mysql_real_escape_string($str));
Output:
[root@localhost test]# php test.php
PHP Warning: mysql_real_escape_string(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/test/test.php on line 23
Warning: mysql_real_escape_string(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/test/test.php on line 23
PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /var/www/html/test/test.php on line 23
Warning: mysql_real_escape_string(): A link to the server could not be established in /var/www/html/test/test.php on line 23
bool(false)
With a MySQL connection
PHP code:
mysql_connect('192.168.193.129', 'root', 'miaohr1qaz');
$str = "list%%";
var_dump(mysql_real_escape_string($str));
Output:
[root@localhost test]# php test.php
string(6) "list%%"
Parameter | Description |
---|---|
string | Required. The string to escape. |
connection | Optional. The MySQL connection to use. If not specified, the last connection is used. |
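The false return matters because PHP casts false to an empty string when it is concatenated into a query, so the caller's value silently disappears. The following is an added example, not code from the original article: the function names, the items table and the $no_connection stub (a constructed stand-in for mysql_real_escape_string() called with no connection) are assumptions.

```php
<?php
// Added example; all names here are hypothetical.

// Unchecked use: whatever the escaper returns is concatenated as-is.
// If it returns false, PHP casts false to "" and the value is dropped.
function build_query_unchecked(callable $escape, $name)
{
    return "SELECT id FROM items WHERE name = '" . $escape($name) . "'";
}

// Fail-closed use: refuse to build the query when escaping failed.
function build_query_checked(callable $escape, $name)
{
    $escaped = $escape($name);
    if ($escaped === false) {
        throw new RuntimeException('escaping failed; is the MySQL connection open?');
    }
    return "SELECT id FROM items WHERE name = '" . $escaped . "'";
}

// Constructed stand-in for the no-connection case shown in the article,
// where mysql_real_escape_string() returns false. On PHP 5 with ext/mysql
// loaded, pass 'mysql_real_escape_string' as the callable instead.
$no_connection = function ($s) {
    return false;
};

// The query is built without the user's value and would still be executed.
echo build_query_unchecked($no_connection, 'list%%'), "\n";

// The checked variant stops before any SQL is produced.
try {
    build_query_checked($no_connection, 'list%%');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```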