PHP » GoLang |
login |
register |
about
|
GoLang mysql_real_escape_string
request it (488)
GoLang replacement for PHP's mysql_real_escape_string
[edit | history]
mysql_real_escape_string(PHP 4 >= 4.3.0, PHP 5) mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement Warning
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: Description
string mysql_real_escape_string
( string
$unescaped_string
[, resource $link_identifier = NULL
] )
Escapes special characters in the mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. This function must always (with few exceptions) be used to make data safe before sending a query to MySQL. Caution
Security: the default character setThe character set must be set either at the server level, or with the API function mysql_set_charset() for it to affect mysql_real_escape_string(). See the concepts section on character sets for more information. Parameters
Return Values
Returns the escaped string, or Errors/Exceptions
Executing this function without a MySQL connection present will
also emit Examples
Example #1 Simple mysql_real_escape_string() example
<?php
Example #2 mysql_real_escape_string() requires a connection example This example demonstrates what happens if a MySQL connection is not present when calling this function.
<?php The above example will output something similar to: Warning: mysql_real_escape_string(): No such file or directory in /this/test/script.php on line 5 Warning: mysql_real_escape_string(): A link to the server could not be established in /this/test/script.php on line 5 bool(false) string(41) "SELECT * FROM actors WHERE last_name = ''"
Example #3 An example SQL Injection Attack
<?php The query sent to MySQL: SELECT * FROM users WHERE user='aidan' AND password='' OR ''='' This would allow anyone to log in without a valid password. Notes
See Also
|
more
Recently updated
more
Most requested
more
Last requests
|