What does mysql_real_escape_string() do with the % (percent) character, how much of a security risk does that represent, and how can it be fixed?
From the mysql_real_escape_string() documentation:
Note: mysql_real_escape_string() does not escape % and _. These are wildcards in MySQL if combined with LIKE, GRANT, or REVOKE.
As far as security, unless you are running a LIKE, GRANT, or REVOKE, it's a non-issue. LIKE is probably the only real concern. It's up to you how you would want to escape it in these situations.
A quick example:
"... LIKE '%" . mysql_real_escape_string($string) . "%' ..."
It does nothing with the % character. Why didn't you try it?
Taken from: http://php.net/manual/en/function.mysql-real-escape-string.php
Note: mysql_real_escape_string() does not escape % and _. These are wildcards in MySQL if combined with LIKE, GRANT, or REVOKE.
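Added example, not part of either answer above: one way to make % and _ literal in a LIKE search. It uses PDO bound parameters with an explicit ESCAPE character instead of mysql_real_escape_string(); escape_like(), search(), the products table and its rows are constructed for illustration, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example (not from the original answers). escape_like() and
// search() are hypothetical helpers; the rows below are constructed.

// Make %, _ and the escape character itself literal inside a LIKE pattern.
function escape_like(string $value, string $esc = '!'): string
{
    // The escape character goes first so the ones added for % and _
    // are not escaped a second time.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $value
    );
}

// Substring search; the value is bound, never concatenated into the SQL.
function search(PDO $db, string $term, bool $escape): array
{
    $pattern = '%' . ($escape ? escape_like($term) : $term) . '%';
    $stmt = $db->prepare(
        "SELECT name FROM products WHERE name LIKE ? ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory SQLite stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO products (name) VALUES (?)');
foreach (['100% cotton', '100 percent wool', 'a_b', 'axb'] as $name) {
    $insert->execute([$name]);
}

// Same user input, first with the wildcard left active, then escaped.
foreach (['100%', '_'] as $term) {
    echo "term: $term\n";
    echo '  unescaped: ' . implode(' | ', search($db, $term, false)) . "\n";
    echo '  escaped:   ' . implode(' | ', search($db, $term, true)) . "\n";
}
```

Binding the pattern handles quoting; escape_like() only decides whether % and _ in the user's input act as wildcards.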