手动指定 mysql_real_escape_string 字符集,因此不需要数据库连接 - 可能吗?
虽然我理解为什么 mysql_real_escape_string 需要一个活动的 mysql 连接来转义各种字符串,但我希望以下内容:
某种手动方式(呃,这里的术语,也许“静态”是正确的术语)将字符集推送到 mysql_real_escape_string 所以运行 mysql_real_escape_string 不需要活动数据库连接。
有些人可能会问为什么我们要在没有活动连接的情况下使用 mysql_real_escape_string ,原因很简单:
a) construct query (this is where the mysql_real_escape_string takes place)
b) create hash (md5, md4, sha1, crc32, choose your poison) from said query
c) check cache (memcached) for hash created in step b
d) query cached in memcached -> return cached results -> terminate script
c) query NOT cached in memcached -> connect to mysql -> cache result to memcached + return result
正如您在上面看到的那样,因为在检查缓存/连接到数据库(如果需要)之前创建查询的哈希值。 .. mysql_real_escape_string 在建立数据库连接之前发生。
这样做的总体目标是,如果我们能够纯粹从缓存命中执行“整个页面请求”,则无需连接到 mysqld。时期。
我们现在拥有的是一大组请求,其中建立了数据库连接,以便 mysql_real_escape_string 可以执行。这似乎没有必要。
所以,总结一下:
我们需要一种方法来安全地转义 mysql 字符串(POST 和 GET 值,因此它需要 100% 安全)而不建立数据库连接。
谢谢。
while i understand why mysql_real_escape_string requires an active mysql connection to escape various strings, i were hoping on the following:
some sort of way to manually (er, terminology here, perhaps 'statically' would be the correct term) push the charset to mysql_real_escape_string so that no active db connection is required to run mysql_real_escape_string.
as some people may ask why we want to mysql_real_escape_string without an active connection, the reasoning is simple:
a) construct query (this is where the mysql_real_escape_string takes place)
b) create hash (md5, md4, sha1, crc32, choose your poison) from said query
c) check cache (memcached) for hash created in step b
d) query cached in memcached -> return cached results -> terminate script
c) query NOT cached in memcached -> connect to mysql -> cache result to memcached + return result
so as you can see with the above, because a hash of the query is created prior to checking the cache / connecting to the db if needed... mysql_real_escape_string takes place BEFORE a db connection is made.
the whole goal of this is so that if we are able to execute a 'whole page request' purely from cache hits, there is just no need to connect to mysqld. period.
what we have now is a large set of requests where the a db connection is made just so that mysql_real_escape_string can execute. this seams un necessary.
so, to summarize:
we need to a way to SAFELY escape mysql strings (POST and GET values, so it needs to be 100% safe) without making a db connection.
thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我建议采用不同的方法:
您不需要在查询上运行哈希,只需在提供的参数上运行它即可。据说每次查询都是相同的。
I'd suggest a different approach:
You don't need to run the hash on the query, you can just run it on the supplied parameters. The query would supposedly be the same every time.
使用 mysql_real_escape_string() 之前需要连接 MySQL,否则会生成 E_WARNING 级别的错误,并返回 FALSE。如果未定义 link_identifier,则使用最后一个 MySQL 连接。
来自 php.net 文档网站。
A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.
As from php.net documentation website.