Is it safe to use mysql_real_escape_string() for user inputs
Question
Recently I am developing little question generation program on PHP. It uses some LaTeX formatted math formulas.
- I had a problem with inserting LaTeX formulas, because no backslash was inserted to MySQL database.
I've described this issue here :
Backslashes are auto-removed while inserting LaTeX formulas to MySQL with PHP
I found a solution by using mysql_real_escape_string(). But this arises another question.
- If backslashes now could be inserted, is my program vulnerable for sql injections or any other tricky input that users could make?
1 answers
solution1
0 ACCPTED 2015-03-27 15:11:08
通常,此功能是专门为清除用户输入而设计的,并且应始终按照文档使用: http : //php.net/manual/en/function.mysql-real-escape-string.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Is mysql_real_escape_string necessary if there are no user inputs?
cakephp escape function or mysql_real_escape_string is not safe?
When to use mysql_real_escape_string()
Safe alternative to mysql_real_escape_string? (PHP)
Is it safe to cast as int instead of mysql_real_escape_string
Is it safe to use base64_encode instead of mysql_real_escape_string?
Do I need to use mysql_real_escape_string on all form inputs?
mysql_real_escape_string and ’
Is it necessary to use mysql_real_escape_string() for image into mysql?
mysql_real_escape_string does not escape "
Related Tags