0
这是我的代码:“mysqli_real_escape_string”足以避免SQL注入或其他SQL攻击吗?
$email= mysqli_real_escape_string($db_con,$_POST['email']);
$psw= mysqli_real_escape_string($db_con,$_POST['psw']);
$query = "INSERT INTO `users` (`email`,`psw`) VALUES ('".$email."','".$psw."')";
有人能告诉我,如果它是安全的,或者如果它很容易受到SQL注入攻击或其他SQL攻击?
可能重复的[SQL注入该得到周围的MySQL \ _REAL \ _escape \ _string()](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-实时逃生字符串) – uri2x