mysql-escape-string

问题 So this is something we all should know about, and played on my mind when I first seen it.. I know that mysql_escape_string is deprecated from 5.3 but what was the actual difference in mysql_real_escape_string . What I thought was that mysql_real_escape_string is the exact same as mysql_escape_string apart from mysql_real_escape_string takes a second argument for the mysql resource. so then I thought well surly there must be some difference as to how strings are handled because there would

问题 As we all know, we cannot use raw MySQL queries in frameworks such as Yii. I want to use mysql_escape_string in my project which runs in Yii framework to get away from SQL injection in user input. I am aware that mysql_escape_string is deprecated in PHP 5.5 and that I have a PDO alternative. What is the alternative in Yii framework and also the PDO way of mysql_escape_string()? 回答1: The alternative to mysql_escape_string in PDO is using prepared statements. In Yii for example: $user = Yii: