Are these mysql_real_escape_string usages same?

2023-01-26 00:40 问答作者：

Are they both same? Thanks.

$user = $_POST['user'];
$user = mysql_real_escape_string($user);
$result = mysql_fetch_array(mysql_query("SELECT * FROM accounts WHERE id='$user'"));

$user = $_POST['user'];
$result = mysql_fe开发者_JAVA百科tch_array(mysql_query(sprintf("SELECT * FROM accounts WHERE id='%s'",mysql_real_escape_string($user))));

Yes, that is equivalent.

You can verify it like this:

$user = $_POST['user'];
$user = mysql_real_escape_string($user);
echo "SELECT * FROM accounts WHERE id='$user'";

-vs-

$user = $_POST['user'];
echo sprintf("SELECT * FROM accounts WHERE id='%s'", mysql_real_escape_string($user));

Yes, they are the same

http://php.net/manual/en/function.sprintf.php

Yes they're equivalent. Usually though, you will use sprintf to make the code easier to read, and the query easier to modify:

$user = $_POST['user'];
$sql = sprintf("SELECT * FROM accounts WHERE id='%s'", 
    mysql_real_escape_string($user)
);
$result = mysql_fetch_array(mysql_query($sql));

继续阅读：php

Are these mysql_real_escape_string usages same?

更多精彩内容

精彩评论

最新问答

央视是哪个频道？

请问买过的朋友，舒提啦旅行箱实际使用体验如何？？

检查不孕不育需要的费用？

海信ULED电视画质有什么不同的地方?？

钉子可以挂的住画框幕布吗？

问答排行榜

王昌瑞《潜梦追凶》剧组庆生新锐演员未来可期？

Is it allowed to ask users to enter credit card details for own payment method?

Escaping "<" in Perl-generated XML

imessage会显示已读吗？

微信重新建群怎么建？