mysql_real_escape_string...其他地方还有自动设置吗?
这里遇到了奇怪的情况。在我的本地 mysql 数据库(v5.1.41)上,如果我要毫无问题地处理用户的引用语法,则需要使用此转义命令。但是我无法在我的 Web 服务器的 mysql 数据库(v5.0.91-community)上使用此命令。如果在 Web 服务器(apache v2.2.13)上使用此命令,则会在用户的引号语法中添加额外的斜杠语法,因此,如果我删除 mysql_real_escape_string 命令,则带引号的输入插入到数据库中不会出现问题。
所以我想知道,除了php之外,apache(v2.2.13)或mysql本身是否有一个设置可以自动处理引号语法,例如PHP的mysql_real_escape_string命令?
先感谢您
Got an odd situation here. On my local mysql database (v5.1.41), I am required to use this escape command if I am to handle users' quotation syntaxs without any problems. However I cannot use this command on my web server's mysql database (v5.0.91-community). If this command is used on the web server (apache v2.2.13), an extra slash syntax is added to the user's quotation syntax, thus if I remove the mysql_real_escape_string command, inputs with quotation marks will have no problems being inserted into the database.
So I was wondering, apart from php, is there a setting within apache (v2.2.13) or within mysql itself that can automatically deal with quotation syntax such as PHP's mysql_real_escape_string command?
Thank you in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这可能是由于 Magic Quotes 造成的。 禁用或删除它们,它们是一个善意但也令人讨厌的功能。
This is probably due to Magic Quotes. Disable or remove them, they are a well-meant but also annoying feature.
这意味着服务器上启用了 php 设置
magic_quotes_gpc。它已被弃用,并且有一种方法可以解决它 - 通过删除代码开头的斜杠:It means the php setting
magic_quotes_gpcis enabled on the server. It's deprecated, and there's a way to work around it - by removing the slashes at the beginning of your code:我建议您使用 filter_input 来获取用户数据不关心 magic_quotes 和参数化查询来完成数据库工作(请参阅 mysqli 或 PDO)。
I'd recommand you to use filter_input to get your user data as it does not care about magic_quotes, and parameterized queries to do your database job (see mysqli or PDO).