是否有用于 postgresql 的 PHP mysql_real_escape_string?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6030249/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is there PHP mysql_real_escape_string for postgresql?
提问by Harsh
Is there PHP mysql_real_escape_string for postgresql? if yes then how ? please Give the Examples? & also the work of this string
是否有用于 postgresql 的 PHP mysql_real_escape_string?如果是,那么如何?请举例说明?&还有这个字符串的工作
采纳答案by reko_t
Alternatively you could use prepared statements (pg_prepare) and placeholders ($1, $2, etc), and then give the arguments for the query in pg_execute. This would be my preferred way as it's not only cleaner, but also safer in the long run since there's no chance for SQL injections if you always use placeholders in prepared statements.
另外,您可以使用准备好的语句(pg_prepare)和占位符($1,$2,等),然后提供的参数在查询pg_execute。这将是我的首选方式,因为它不仅更干净,而且从长远来看也更安全,因为如果您总是在准备好的语句中使用占位符,则没有机会进行 SQL 注入。
回答by deceze
See pg_escape_stringat http://www.php.net/manual/en/function.pg-escape-string.php.
见pg_escape_string在http://www.php.net/manual/en/function.pg-escape-string.php。
回答by Frank Heikens
Use pg_query_params():
<?php
$result = pg_query_params(
$dbconn, // database connection
'SELECT * FROM foo WHERE bar = AND baz = ', // query using placeholders
array('value 1','value 2') // all values for the placeholders in a single array
);
?>
Save and very eary to use.
保存并且很容易使用。
回答by Harsh
You have both pg_escape_stringand pg_escape_byteaavailable.
两者都有,pg_escape_string并且pg_escape_bytea可用。
