Thread: db_escape
Old 21/03/2017, 04:04 PM   #1
GaByM
Join Date: Jan 2014
Location: Romania
Posts: 111
Reputation: 7

db_escape is used to prevent SQL injection. But what if I have the script like this:

Code:
"SELECT * FROM users WHERE name = '%s' LIMIT 0, 1"
%s is placed between quotes, so you can no longer set your name to 'x OR 1=1'. Is db_escape still needed now?
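An added example, not part of the original post: it runs the post's format string against an in-memory SQLite database to compare a name inserted with only the template's quotes, the same name escaped first, and a bound parameter. Python's `sqlite3` is used so the comparison can be executed; `escape` is a hypothetical stand-in for `db_escape` (assumed to double single quotes), and the table, row and input names are constructed.

```python
import sqlite3

# Format string from the post.
QUERY = "SELECT * FROM users WHERE name = '%s' LIMIT 0, 1"

def escape(value):
    # Hypothetical stand-in for db_escape (assumption): double every single
    # quote so the value cannot end the SQL string literal early.
    return value.replace("'", "''")

def make_db():
    # Constructed sample table with one constructed row.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'secret')")
    return db

def lookup_quoted_only(db, name):
    # Quotes exist only in the template; the input is inserted unchanged.
    return db.execute(QUERY % name).fetchall()

def lookup_escaped(db, name):
    # Same template, input escaped before formatting.
    return db.execute(QUERY % escape(name)).fetchall()

def lookup_bound(db, name):
    # Bound parameter: the value never becomes part of the SQL text.
    sql = "SELECT * FROM users WHERE name = ? LIMIT 0, 1"
    return db.execute(sql, (name,)).fetchall()

# Constructed inputs.
PLAIN = "x OR 1=1"        # the name from the post, no quote character
QUOTED = "x' OR '1'='1"   # a name that itself contains single quotes

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("quoted only", lookup_quoted_only),
                      ("escaped", lookup_escaped),
                      ("bound", lookup_bound)):
        print(label, "| plain:", fn(db, PLAIN), "| quoted:", fn(db, QUOTED))
```

The quotes in the template contain the name from the post, but a name that carries its own single quote closes the literal early, so only the escaped and bound lookups treat it as data.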