PHP mysqli_real_escape_string argument
Question
I am not asking how to use the function.
I know what the function mysqli_real_escape_string is about or how to use it, but I want to ask, why does its first argument require a reference to a mysqli connection?
Here are some guesses, but I don't know if I guessed correctly:
- Does the function trigger any calls to the database connection such that it requires a connection to escape the string with?
- Is this some technical constraint in the PHP implementation?
- Or any other reasons?
This problem is troubling me because I have multithreading in my software, and I have a function that accepts a string query as parameter and pushes the query to another thread to execute, so I can't get an instance of MySQLi to escape strings in my query with.
2 answers
solution1
2 2016-01-20 11:48:30
From http://php.net/manual/de/mysqli.real-escape-string.php : mysqli::real_escape_string -- mysqli_real_escape_string — Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
so in short: the function has to know what charset your connection uses.
solution2
1 ACCPTED 2016-01-20 13:25:04
Alternative to mysql_real_escape_string without connecting to DB
This basically explains why. The has to know what char set the MySQL connection uses. If you don't, multi-byte SQL injections may be possible, depending on your code. Anyways, you are required to use a MySQL instance unless you write your own function.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.