English 中文(简体)
使用 PDO PHP 的 Mysql_ real_ scape_ 字符串
原标题:mysql_real_escape_string with PDO PHP
  • 时间:2012-05-25 07:36:15
  •  标签:
  • php
  • mysql
  • pdo

我是PDO新来的, 弄得一团乱,

任何人都可以帮忙, 这是我的代码

if(!empty($_POST) && isset($_POST)) { 

include ( connection_pdo.php );

$dbh = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);

$source_url= mysql_real_escape_string($_POST[ source_url ]);
$class     = mysql_real_escape_string($_POST[ class ]);
$year      = mysql_real_escape_string($_POST[ year ]);
$date      = time();
$ip        = $_SERVER[ REMOTE_ADDR ];

$insert = $dbh->prepare("
  INSERT IGNORE INTO school_students_images
            ( folder_name,  image_url,  source_url,  class, year , date , ip )
    VALUES  (:folder_name, :image_url, :source_url, :class, :year, :date, :ip)
");

$a=0;
while ($a<1000){
$a++;
$insert->execute(array(
             folder_name => $name->content, //** geting from other source
             image_url   => $link[$a], //** geting from other source
             source_url  => $source_url,
             class       => $class ,
             year        => $year ,
             date        => $date,
             ip          => $ip
            ));
}

它不工作得到错误,但如果我用它

    $source_url= ($_POST[ source_url ]);
    $class     = ($_POST[ class ]);
    $year      = ($_POST[ year ]);
    $date      = time();
    $ip        = $_SERVER[ REMOTE_ADDR ];

it is working ... so i am confused is it safe to POST without mysql_real_escape_string into database? (is PDO giving any security by default ?) or i am doing some mistake in this... please help

最佳回答

是的, PDO 自动跳出您的数据, 所以您不需要使用 < code> mysql_ real_ escape_string 。 见 < a href=" https:// stackoverflow.com/ questions/1742066/ why- is- pdo- better- for- escaping- mysql- queries- querystrings- than- mysql- real- escape" 。 (例如) >这里 < a > 。

时间:2012-05-25 07:38:53
问题回答

mysql_real_escape_string 需要通过 mysql 连接到一个通过 mysql_connect 连接到的主动 连接... 因此,是的,它不会起作用。

无论如何,PDO 自动为您执行PDO

时间:2012-05-25 07:39:32

预先准备好的语句无需逃避变量。 驱动程序会自动为您做, 取决于您在下面使用的数据库 。 事实上, 您必须自己去回避它, 因为这会加倍逃跑 。

时间:2012-05-25 07:39:30


上一篇:
下一篇:


相关问题
SQL SubQuery getting particular column

I noticed that there were some threads with similar questions, and I did look through them but did not really get a convincing answer. Here s my question: The subquery below returns a Table with 3 ...

时间:2009-11-13 05:35:38 回答:3 展示:1
please can anyone check this while loop and if condition

<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...

时间:2009-11-13 05:25:03 回答:3 展示:1
php return a specific row from query

Is it possible in php to return a specific row of data from a mysql query? None of the fetch statements that I ve found return a 2 dimensional array to access specific rows. I want to be able to ...

时间:2009-11-09 16:40:04 回答:2 展示:1
Character Encodings in PHP and MySQL

Our website was developed with a meta tag set to... <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> This works fine for M-dashes and special quotes, etc. However, I ...

时间:2009-11-09 16:15:32 回答:3 展示:1
Pagination Strategies for Complex (slow) Datasets

What are some of the strategies being used for pagination of data sets that involve complex queries? count(*) takes ~1.5 sec so we don t want to hit the DB for every page view. Currently there are ~...

时间:2009-11-09 16:02:04 回答:5 展示:1
Averaging a total in mySQL

My table looks like person_id | car_id | miles ------------------------------ 1 | 1 | 100 1 | 2 | 200 2 | 3 | 1000 2 | 4 | 500 I need to ...

时间:2009-11-09 14:43:41 回答:4 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全