Geek Answers Handbook

Each call to mysql_real_escape_string requires a different trip to the database?

http://php.net/manual/en/function.mysql-real-escape-string.php :

mysql_real_escape_string () calls the MySQL library function mysql_real_escape_string, which adds a backslash to the following characters: \ x00, \ n, \ r, \, ', "and \ x1a.

Okay, so basically, if I ever do something like this:

mysql_query("insert T(C)select'".mysql_real_escape_string($value)."'")

Am I making 1 trip to the database for the mysql_real_escape_string function and another trip for the mysql_query = 2 function to the database?

+5
source share
1 answer

The fact that he uses the mysql library does not mean that he is traveling around the world with the server.

mysql, , php-. , . PHP.

( linux), script :

<?php
$link = mysql_connect('localhost', 'user', 'pass');
echo "Connection done\n";
echo mysql_real_escape_string("this ' is a test");
?>

strace:

$ strace php t.php
....            # here comes the connection to mysql, socket fd == 3
connect(3, {sa_family=AF_FILE, path="/var/run/mysqld/mysqld.sock"}, 110) = 0
fcntl(3, F_SETFL, O_RDWR)               = 0
setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
....            # talking with mysql here
poll([{fd=3, events=POLLIN}], 1, 60000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "8\0\0\0\n5.1.58-log\0\3\0\0\0K-?4'fL+\0\377\367!"..., 16384) = 60
...
read(3, "\7\0\0\2\0\0\0\2\0\0\0", 16384) = 11
                # first php echo
write(1, "Connection done\n", 16Connection done    )       = 16
                # second php echo
write(1, "this \\' is a test", 17this \' is a test)      = 17
munmap(0x7f62e187a000, 528384)          = 0
....

, , write, echo, syscall - syscall ( linux ).

+5

More articles:


All Articles