阅读背景:

只有逃避必要的东西才有可能吗?

来源:互联网 

I am working with a team of developers on a website. The website will be using classes. I am in charge of creating the data access layer for the classes. There is an understanding that all user input will be escaped upon retrieval (from the post or get). Having little control over the input level (unless I personally review everyone's code), I thought it would be cool to throw in escaping on my end as well (right before it hits the database). The problem is that I don't know how to use mysql_real_escape_string without adding even more slashes. I am working with a team of developers on a web




你的当前访问异常,请进行认证后继续阅读剩余内容。

分享到: