我可以安全地将哪些字符插入SQL数据库而不进行转义?
[英]Which characters can I safely insert into an SQL database without escaping?
问题描述
I've had a look on Google to try and find out which characters are safe to insert into a MySQL database, but every time someone just seems to say "it's fine as long as you use *_real_escape_string 
我曾在Google上进行过尝试,试图找出可以安全地插入MySQL数据库的字符,但是每次有人似乎只是说“只要您使用*_real_escape_string
I'm trying to find out which different special characters I can use to generate a salt, so escaping characters will be no good since the salt column is limited to char(10) 我正在尝试找出可用于生成盐的不同特殊字符,因此转义字符将是不好的,因为盐列仅限于char(10)
The salt is automatically generated. 盐自动生成。 Am I correct in thinking anything except the following characters are okay? 除了以下几个字符还可以的时候,我是否在思考其他内容是否正确?
- ' “
- " “
- \\ \\
1 个解决方案
解决方案1
5 已采纳 2014-08-07 00:59:10
You should never ask such a question actually. 实际上,您永远不应问这样的问题。
You must always use prepared statements/placeholders and not care of the actual characters. 您必须始终使用准备好的语句/占位符,而不要关心实际字符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.