^mysql_real_escape_string的好有关问题
^-^mysql_real_escape_string的好问题
大家伙们都经常用mysql_real_escape_string,我有个疑问,这个函数是不是只有开了mysql扩展才能用,如果我用的是oracle数据库呢。我没开mysql_real_escape_string,我怎么办。
我查了一下php.net,有如下函数,基本上都是针对 每一个数据库的。我的问题:有没有一个通用的mysql_real_escape_string,这个样子的呢?
mysql_real_escape_string
maxdb_real_escape_string
ingres_escape_string
cubrid_real_escape_string
pg_escape_string
mysql_escape_string
maxdb_escape_string
dbx_escape_string
db2_escape_string
mysqli_escape_string
sqlite_escape_string
还有一个问题是:mysql_real_escape_string能完全防止SQL注入吗?
------解决方案--------------------
弄明白 mysql_real_escape_string的功效你完全可以用正则之类的方法来实现,至于是不是要装了扩展才能用我不清楚。
第2个问题
mysql_real_escape_string函数转义 SQL 语句中使用的字符串中的特殊字符,不是用来针对SQL注入攻击的.所以你的问题就有答案了.
不能说用了转义就100%的安全,我前段时间看到有说将'转成16进制的,然后到了mysql却能正常识别。当然我自己没去测试过这个说法是否真的可行,但要相信那些骇客每天削尖了脑袋在想这些。
打算最近写个帖子大家一起来讨论这个令人烦恼的问题.
------解决方案--------------------
对于SQL注入我也是最近在关注,其实并不会比你知道的多,所以希望写个帖子和大家讨论一下,欢迎来指点。
这里有一个据说是dz的
$magic_quotes_gpc = get_magic_quotes_gpc();
@extract(daddslashes($_COOKIE));
@extract(daddslashes($_POST));
@extract(daddslashes($_GET));
if(!$magic_quotes_gpc) {
$_FILES = daddslashes($_FILES);
}
function daddslashes($string, $force = 0) {
if(!$GLOBALS['magic_quotes_gpc'] || $force) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = daddslashes($val, $force);
}
} else {
$string = addslashes($string);
}
}
return $string;
}
echo daddslashes('jafoakfok*&%^:"');
还有别人写的
function str_filter($str){
$str=htmlspecialchars($str);
if(!get_magic_quotes_gpc()){
$str=addslashes($str);
}
//过滤危险字符
return preg_replace("/[\"\'=]|(and)|(or)|(create)|(update)|(alter)|(delete)|(insert)|(count)|(%20)|(char)/i","",$str);
}
网上应该还蛮多的.
------解决方案--------------------
mysql的不适用sqlite,sqlite的不适用mysql。
------解决方案--------------------
------解决方案--------------------
親 PDO::Quote 就是加引號而已...哈哈哈 不是額外贈送.
------解决方案--------------------
PDO::Quote
mysql_real_escape_string
都是对特殊字符进行转义
不同的是:后者只针对 mysql,前者可用于所有的数据库
注意不同的数据库对于特殊字符和转义后的结果是不同的
至于 PDO::Quote 会奉送一对单引号,是有他的考虑的
这个函数会在动态绑定时被内部调用。而被预处理的 SQL 表达式中的参数是不需要用单引号括起的。但传递给数据库的 SQL 指令却是要有的
------解决方案--------------------
也不竟然
- PHP code
$db = new PDO('mysql:dbname=test');$ar = array( 'aa', "b'b", 123);$ar = array_map(array($db, 'Quote'), $ar);echo join(',', $ar);<br><font color="#e78608">------解决方案--------------------</font><br>mysql_real_escape_string和其它普通escape函数的不同点在于它是编码安全的,会根据你的cient编码<br>(用mysql_set_charset设定编码)来分析字串而不是全当ansi处理<br><br>PDO::Quote加引号是因为在prepare的时候一般写成:<br>WHERE calories 这样,字串由quote根据变量类型加上引号,而非字串不会加<br><font color="#e78608">------解决方案--------------------</font><br>这问题贴讨论的有意思。<br><font color="#e78608">------解决方案--------------------</font><br><br>据说在新的之前,set xxx. 记不清了,新版本有设定字符的方法,以前所有方案已不推荐。<br><br>mysql_real_escape_string是是编码安全的, 安全级别最高。比addslash之类的都高。 它是编码安全的。<div class="clear">
</div>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1421
52
1315
25
1266
29
1239
24
MySQL's Role: Databases in Web Applications
Apr 17, 2025 am 12:23 AM
The main role of MySQL in web applications is to store and manage data. 1.MySQL efficiently processes user information, product catalogs, transaction records and other data. 2. Through SQL query, developers can extract information from the database to generate dynamic content. 3.MySQL works based on the client-server model to ensure acceptable query speed.
Laravel Introduction Example
Apr 18, 2025 pm 12:45 PM
Laravel is a PHP framework for easy building of web applications. It provides a range of powerful features including: Installation: Install the Laravel CLI globally with Composer and create applications in the project directory. Routing: Define the relationship between the URL and the handler in routes/web.php. View: Create a view in resources/views to render the application's interface. Database Integration: Provides out-of-the-box integration with databases such as MySQL and uses migration to create and modify tables. Model and Controller: The model represents the database entity and the controller processes HTTP requests.
MySQL and phpMyAdmin: Core Features and Functions
Apr 22, 2025 am 12:12 AM
MySQL and phpMyAdmin are powerful database management tools. 1) MySQL is used to create databases and tables, and to execute DML and SQL queries. 2) phpMyAdmin provides an intuitive interface for database management, table structure management, data operations and user permission management.
Solve database connection problem: a practical case of using minii/db library
Apr 18, 2025 am 07:09 AM
I encountered a tricky problem when developing a small application: the need to quickly integrate a lightweight database operation library. After trying multiple libraries, I found that they either have too much functionality or are not very compatible. Eventually, I found minii/db, a simplified version based on Yii2 that solved my problem perfectly.
MySQL vs. Other Programming Languages: A Comparison
Apr 19, 2025 am 12:22 AM
Compared with other programming languages, MySQL is mainly used to store and manage data, while other languages such as Python, Java, and C are used for logical processing and application development. MySQL is known for its high performance, scalability and cross-platform support, suitable for data management needs, while other languages have advantages in their respective fields such as data analytics, enterprise applications, and system programming.
Laravel framework installation method
Apr 18, 2025 pm 12:54 PM
Article summary: This article provides detailed step-by-step instructions to guide readers on how to easily install the Laravel framework. Laravel is a powerful PHP framework that speeds up the development process of web applications. This tutorial covers the installation process from system requirements to configuring databases and setting up routing. By following these steps, readers can quickly and efficiently lay a solid foundation for their Laravel project.
MySQL for Beginners: Getting Started with Database Management
Apr 18, 2025 am 12:10 AM
The basic operations of MySQL include creating databases, tables, and using SQL to perform CRUD operations on data. 1. Create a database: CREATEDATABASEmy_first_db; 2. Create a table: CREATETABLEbooks(idINTAUTO_INCREMENTPRIMARYKEY, titleVARCHAR(100)NOTNULL, authorVARCHAR(100)NOTNULL, published_yearINT); 3. Insert data: INSERTINTObooks(title, author, published_year)VA
Solve MySQL mode problem: The experience of using the TheliaMySQLModesChecker module
Apr 18, 2025 am 08:42 AM
When developing an e-commerce website using Thelia, I encountered a tricky problem: MySQL mode is not set properly, causing some features to not function properly. After some exploration, I found a module called TheliaMySQLModesChecker, which is able to automatically fix the MySQL pattern required by Thelia, completely solving my troubles.
