
What are the MySQL escape functions in PHP

2025-02-24 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/03

This article covers the MySQL escape functions available in PHP. The editor finds it very practical and shares it here as a reference.

The PHP MySQL escape functions are: 1. the addslashes function; 2. the htmlspecialchars function; 3. the htmlentities function; 4. the mysql_real_escape_string function, and so on.

Operating environment for this article: Windows 7, PHP 7.1, Dell G3 computer.

What are the PHP MySQL escape functions?

PHP MySQL escape functions

While developing a small SQL query tool, the SQL statement was submitted by POST to the backend to query data, and the < or > received by the backend caused a syntax error when the SQL statement was executed.

Yet the submitted statement looked fine when printed, so it had to be an encoding or escaping problem.

// Decode HTML entities in the submitted statement
$sqlQuery = html_entity_decode($_POST["content"]);
// Remove backslashes added by escaping
$sqlQuery = stripslashes($sqlQuery);

The following introduces the escape functions and security functions commonly used in PHP. With these functions you can filter most common attacks, such as SQL injection. Readers who need them can use this as a reference.

1. addslashes

addslashes escapes the special characters in an SQL statement, including ('), ("), (\) and (NUL). This function is used when the DBMS does not have its own escape function; if the DBMS does have one, it is recommended to use the native function. For example, MySQL has the mysql_real_escape_string function to escape SQL. Note that before PHP 5.3, magic_quotes_gpc is enabled by default, and it mainly performs addslashes on $_GET, $_POST and $_COOKIE, so there is no need to call addslashes on these variables again; doing so causes double escaping. However, magic_quotes_gpc was deprecated in PHP 5.3 and has been removed since PHP 5.4, so you do not have to worry about it if you use the latest version of PHP. stripslashes is the unescape function for addslashes.

2. htmlspecialchars

htmlspecialchars escapes several special characters in HTML into HTML entities (format: &xxxx;), covering five characters: (&), ('), ("), (<) and (>).

& (ampersand) => &amp;
" (double quotation mark) => &quot; (when ENT_NOQUOTES is not set)
' (single quotation mark) => &#039; (when ENT_QUOTES is set)
< (less-than sign) => &lt;
> (greater-than sign) => &gt;

htmlspecialchars can be used to filter $_GET, $_POST and $_COOKIE data to prevent XSS. Note that the htmlspecialchars function only escapes the HTML characters that are considered a security risk. Use htmlentities if you want to escape every HTML character that can be escaped. htmlspecialchars_decode is the decode function for htmlspecialchars.

3. htmlentities

htmlentities escapes everything that can be escaped in HTML into HTML entities. html_entity_decode is the decode function for htmlentities.

4. mysql_real_escape_string

mysql_real_escape_string calls MySQL's library function mysql_real_escape_string to escape (\x00), (\n), (\r), (\), (') and (\x1a) by adding a backslash (\) in front of each, to prevent SQL injection. Note that you do not need to call stripslashes to unescape when reading data back from the database: the backslashes are there only for the database to execute the SQL, and they are removed when the data is written, so the content stored in the database is the original data with no backslashes in front of it.

5. strip_tags

strip_tags filters out NUL bytes and HTML and PHP tags.

6. stripslashes()

This function removes the backslashes added by the addslashes() function.

7. Conclusion

PHP's security functions cannot completely prevent XSS, so using HTML Purifier is recommended.
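An added example, not part of the original article: it runs the functions listed above on one constructed string and checks what each one changes and what it leaves untouched, which is why each function fits only one output context. mysql_real_escape_string is left out because it needs a database connection, and the mysql extension it belongs to was removed in PHP 7.0. The variable names and the check() helper are assumptions made for the example.

```php
<?php
// Added example: constructed input, not taken from the article.
$input = "Tom & \"Jerry\" <b>O'Brien</b> caf\u{00E9}";

// Hypothetical helper: stop if a function does not behave as described.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("unexpected result: $what");
    }
    echo "ok: $what\n";
}

// addslashes: backslash before ' " \ and NUL; HTML markup passes through.
$slashed = addslashes($input);
check($slashed === "Tom & \\\"Jerry\\\" <b>O\\'Brien</b> caf\u{00E9}", 'addslashes escapes the quotes');
check(strpos($slashed, '<b>') !== false, 'addslashes leaves HTML tags intact');
check(stripslashes($slashed) === $input, 'stripslashes reverses one addslashes');

// Double escaping (the magic_quotes_gpc pitfall): one stripslashes no longer
// restores the original value.
check(stripslashes(addslashes($slashed)) !== $input, 'double addslashes corrupts the value');

// htmlspecialchars: & < > always, " unless ENT_NOQUOTES, ' only with ENT_QUOTES.
$compat = htmlspecialchars($input, ENT_COMPAT, 'UTF-8');
check(strpos($compat, "'") !== false, 'ENT_COMPAT leaves the single quote');
$html = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
check($html === "Tom &amp; &quot;Jerry&quot; &lt;b&gt;O&#039;Brien&lt;/b&gt; caf\u{00E9}", 'ENT_QUOTES escapes all five characters');
check(htmlspecialchars_decode($html, ENT_QUOTES) === $input, 'htmlspecialchars_decode round-trips');

// htmlentities: also converts every character that has a named entity.
$ent = htmlentities($input, ENT_QUOTES, 'UTF-8');
check(strpos($ent, '&eacute;') !== false, 'htmlentities encodes the accented letter too');
check(html_entity_decode($ent, ENT_QUOTES, 'UTF-8') === $input, 'html_entity_decode round-trips');
```

Passing the flags and charset explicitly keeps the output the same across PHP versions, since the default flags of htmlspecialchars changed in PHP 8.1.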

Thank you for reading! This is the end of this article on "what MySQL escape functions are in PHP". I hope the above content is helpful to you. If you think the article is good, you can share it for more people to see!
