php - 这些PHP和Mysql脚本中的哪一个更安全，更安全？

脚本1更安全吗？

";
 }
 else
 {
  queryMysql("CREATE TABLE $name($query)");
  echo "Table '$name' created
";
 }
}

function tableExists($name)
{
 $result = queryMysql("SHOW TABLES LIKE '$name'");
 return mysql_num_rows($result);
}

function queryMysql($query)
{
 $result = mysql_query($query) or die(mysql_error());
 return $result;
}

function destroySession()
{
 $_SESSION=array();

 if (session_id() != "" || isset($_COOKIE[session_name()]))
     setcookie(session_name(), '', time()-2592000, '/');

 session_destroy();
}

function sanitizeString($var)
{
 $var = strip_tags($var);
 $var = htmlentities($var);
 $var = stripslashes($var);
 return mysql_real_escape_string($var);
}

function showProfile($user)
{
 if (file_exists("$user.jpg"))
  echo "img src='$user.jpg' border='1' align='left' />";

 $result = queryMysql("SELECT * FROM rnprofiles WHERE user='$user'");

 if (mysql_num_rows($result))
 {
  $row = mysql_fetch_row($result);
  echo stripslashes($row[1]) . "
";
 }
}
?>

或脚本2更安全吗？

MySQL Error: " . mysql_error());

  // Print a message to the user, include the footer, and kill the script.
  include ('./includes/footer.htm');
  exit();

 } // End of mysql_select_db IF.

} else { // If it couldn't connect to MySQL.

 // Print a message to the user, include the footer, and kill the script.
 trigger_error("Could not connect to MySQL!\n
MySQL Error: " . mysql_error());
 include ('./includes/footer.htm');
 exit();

} // End of $dbc IF.

// Create a function for escaping the data.
function escape_data ($data) {

 // Address Magic Quotes.
 if (ini_get('magic_quotes_gpc')) {
  $data = stripslashes($data);
 }

 // Check for mysql_real_escape_string() support.
 if (function_exists('mysql_real_escape_string')) {
  global $dbc; // Need the connection.
  $data = mysql_real_escape_string (trim($data), $dbc);
 } else {
  $data = mysql_escape_string (trim($data));
 }

 // Return the escaped value. 
 return $data;

} // End of function.
?>

这些PHP和Mysql脚本中的哪一个更安全，更安全？

2 个答案: