
PHP Official Manual - Internet Notes

PHP - Manual: mysql_escape_string

2024-11-14

mysql_escape_string

(PHP 4 >= 4.0.3, PHP 5)

mysql_escape_string — Escapes a string for use in a mysql_query

Description

mysql_escape_string(string $unescaped_string): string

This function escapes unescaped_string so that it is safe to use in mysql_query().

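Note: mysql_escape_string() does not escape % and _. This function is identical to mysql_real_escape_string(), except that mysql_real_escape_string() takes a connection handle and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current character set setting.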

Example #1 mysql_escape_string() example

<?php
// Requires the legacy mysql extension (PHP 4 >= 4.0.3, PHP 5).
$item = "Zak's Laptop";
$escaped_item = mysql_escape_string($item);
printf("Escaped string: %s\n", $escaped_item);
?>

The above example will output:

Escaped string: Zak\'s Laptop

See also mysql_real_escape_string(), addslashes(), and the magic_quotes_gpc directive.
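
The note above says % and _ are left alone. The following added example (not part of the PHP manual) shows what that means for a LIKE search and how a bound parameter plus wildcard escaping handles it. It assumes PHP 7 or later with pdo_sqlite so that it runs offline; legacy_escape(), like_literal(), search() and the items table are hypothetical, with legacy_escape() standing in for mysql_escape_string(), which no longer exists as of PHP 7.0.

```php
<?php
// Added example (not from the PHP manual). Assumes the pdo_sqlite extension;
// table, rows and helper names are constructed for illustration.

// Hypothetical stand-in for the removed function: escapes the seven bytes
// that mysql_escape_string() handled, and nothing else.
function legacy_escape(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\x1a" => '\\Z',
        '\\' => '\\\\', "'" => "\\'", '"' => '\\"',
    ]);
}

// Make % and _ literal inside a LIKE pattern. The escape character itself
// must be escaped too; strtr() does all three in a single pass.
function like_literal(string $s): string
{
    return strtr($s, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
}

function search(PDO $db, string $pattern): array
{
    // The value is bound, so no quote escaping is involved at all.
    $st = $db->prepare("SELECT name FROM items WHERE name LIKE ? ESCAPE '\\'");
    $st->execute([$pattern]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT)');
$ins = $db->prepare('INSERT INTO items (name) VALUES (?)');
foreach (["Zak's Laptop", '50%_off', '50 percent off', 'secret'] as $n) {
    $ins->execute([$n]);
}

$input = '%';   // constructed user input, meant as a literal percent sign

// Quotes are escaped, wildcards are not: the input comes back unchanged.
var_dump(legacy_escape($input) === $input);

// Unescaped, the wildcard matches every row in the table.
var_dump(count(search($db, '%' . $input . '%')));

// Escaped for LIKE, only the row containing a literal % matches.
print_r(search($db, '%' . like_literal($input) . '%'));
```

With MySQL the same pattern applies through mysqli or PDO prepared statements; backslash is MySQL's default LIKE escape character unless the NO_BACKSLASH_ESCAPES SQL mode is enabled.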


User Contributed Notes 2 notes

up
8
PHPguru
7 years ago
You can use this function safely with your MySQL database queries if and only if you are sure that your database connection is using ASCII, UTF-8, or ISO-8859-* and that the backslash is your database's escape character. If you're not sure, then use mysqli_real_escape_string instead. This function is not safe to use on databases with multi-byte character sets.

The only benefit of this function is that it does not require a database connection.
up
-28
s dot marechal at jejik dot com
11 years ago
The exact characters that are escaped by this function are the null byte (0), newline (\n), carriage return (\r), backslash (\), single quote ('), double quote (") and substitute (SUB, or \032).

Official URL: https://www.php.net/manual/en/function.mysql-escape-string.php
