PHP's mysql_real_escape_string and MySQL Injection
Question: I have been trying to figure out how exactly \x00, \n, \r, \, or \x1a can cause an SQL injection (as is mentioned at http://nl3.php.net/manual/en/function.mysql-real-escape-string.php). I understand the idea of single quotes and double quotes, but how and why do I need to take care of the other items to make my query safe?

Answer 1: I was wondering about the same question and I found the answer in the C API documentation of MySQL. It states: Characters encoded are “\”, “'”, “"”, NUL (ASCII 0), “\n”,