I read in a PHP book that it is recommended to use htmlspecialchars and also mysqli_real_escape_string when we process data entered by the user. What is the main difference between the two, and where is each of them suitable for use? Please guide me.
htmlspecialchars: "<" becomes "&lt;" (replaces characters that have meaning in HTML)
mysqli_real_escape_string: "'" becomes "\'" (replaces characters that have meaning in a MySQL query)
Both are used to protect against certain attacks such as SQL-Injection and XSS.
These two functions are used for completely different things.
htmlspecialchars() deals with HTML; mysql_real_escape_string() deals with SQL.
In other words, htmlspecialchars is for OUTPUT, mysql_real_escape_string is for INPUT.
mysqli_real_escape_string protects against SQL injection.
htmlspecialchars protects against cross-site scripting (XSS).
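The two answers above (INPUT vs OUTPUT, SQL injection vs XSS) as one added PHP example, not code from any of the posters: the same untrusted value is handled at the SQL boundary and at the HTML boundary. The `comments` table, its columns and the mysqli connection `$db` are assumptions; the input strings are constructed.

```php
<?php
declare(strict_types=1);

// Constructed input, as a user might submit it in a form.
const USER_NAME = "O'Brien";
const USER_BODY = "<script>alert(1)</script> it's \"fine\"";

// INPUT boundary: the value is about to go INTO an SQL statement.
// Preferred form: a prepared statement. The value travels separately from
// the SQL text, so no escaping function is involved at all.
function storeComment(mysqli $db, string $name, string $body): bool
{
    $stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (?, ?)');
    $stmt->bind_param('ss', $name, $body);
    return $stmt->execute();
}

// Legacy form: mysqli_real_escape_string only makes the value safe inside a
// *quoted* SQL string literal, using the connection's current charset.
function legacyInsertSql(mysqli $db, string $name): string
{
    // Adds a backslash before ' " \ and a few control bytes.
    $safe = $db->real_escape_string($name);
    // Without the surrounding quotes in the SQL text the escaping protects nothing.
    return "INSERT INTO comments (name) VALUES ('$safe')";
}

// OUTPUT boundary: the stored, raw value is about to go OUT into HTML.
// Escape at render time, naming the charset the page is served with.
function renderComment(string $name, string $body): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;
    return sprintf(
        '<p><b>%s</b>: %s</p>',
        htmlspecialchars($name, $flags, 'UTF-8'),
        htmlspecialchars($body, $flags, 'UTF-8')
    );
}

// Store raw, escape on output: the <script> tag reaches the browser as text.
echo renderComment(USER_NAME, USER_BODY), PHP_EOL;

// Swapping the two breaks both goals: htmlspecialchars() leaves the quote in
// O'Brien intact for SQL, and real_escape_string() leaves <script> intact
// for the browser.
```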
. PHP? htmlspecialchars mysql_real_escape_string PHP ?
htmlspecialcharacters "html " , , ( , ), /, . , -, HTML- XSS.
mysql_real_escape_string escapes string, , \ , ( , ) , mysql. , SQL .
, - - PHP , , PHP, CakePHP CodeIgniter, ?