我应该使用 mysqli_real_escape_string 还是应该使用准备好的语句?
我应该使用 mysqli_real_escape_string
还是应该使用准备好的语句?
Should I use mysqli_real_escape_string
or should I use prepared statements?
我看过一个教程,现在解释了准备好的语句,但我看到它们和 mysqli_real_escape_string
做同样的事情,但它使用了更多行
I've seen a tutorial now explaining prepared statements but I've seen them do the same thing as mysqli_real_escape_string
but it uses more lines
准备好的报表有什么好处吗?您认为最好的方法是什么?
Are there any benefits for prepared statements? What do you think is the best method to use?
推荐答案
准备好的语句.因为无处逃避是一回事.实际上,逃避与任何注射都没有关系,不应该用于保护.
Prepared statements only. Because nowhere escaping is the same thing. In fact, escaping has absolutely nothing to do with whatever injections, and shouldn't be used for protection.
虽然准备好的语句在适用时提供 100% 的安全性.
While prepared statements offer the 100% security when applicable.
相关文章