Using php filter_var with mysql_real_escape_string

后端 未结 4 868
佛祖请我去吃肉
佛祖请我去吃肉 2021-02-13 16:28

I would like to start my question by saying, I realize PDO/mysqli is the new standard and has been widely covered on SO. However in this particular case I dont have time to conv

4条回答
  •  爱一瞬间的悲伤
    2021-02-13 17:08

    Using both is fine, but what you should really be doing is not to use mysql_ at all. You should instead use PDO or mysqli_ with prepared statements to avoid SQL injection.

    See How can I prevent SQL injection in PHP?

    Or for a guide of how to switch to MySQLi the see Can I blindly replace all mysql_ functions with mysqli_?

提交回复
热议问题