这个问题在这里已有答案:
如何在PHP中阻止SQL注入? 28个答案我应该使用mysqli_real_escape_string还是应该使用mysqli_real_escape_string准备语句?
我已经看过一个教程,现在解释预处理语句,但我看到它们与mysqli_real_escape_string做同样的事情,但它使用了更多的行
准备好的陈述有什么好处吗? 你认为最好的方法是什么?
This question already has an answer here:
How can I prevent SQL injection in PHP? 28 answersShould I use mysqli_real_escape_string or should I use prepared statements?
I've seen a tutorial now explaining prepared statements but I've seen them do the same thing as mysqli_real_escape_string but it uses more lines
Are there any benefits for prepared statements? What do you think is the best method to use?
最满意答案
仅准备好的陈述 。 因为无处逃避是一回事。 实际上,逃逸与任何注射完全无关,不应用于保护。
准备好的报表在适用时提供100%的安全性。
Prepared statements only. Because nowhere escaping is the same thing. In fact, escaping has absolutely nothing to do with whatever injections, and shouldn't be used for protection.
While prepared statements offer the 100% security when applicable.
更多推荐
发布评论