PHP中防止SQL注入攻击和XSS攻击的两个简单方法
- WBOYOriginal
- 2016-06-13 12:17:35763browse
mysql_real_escape_string()
所以得SQL语句如果有类似这样的写法:"select * from cdr where src =".$userId; 都要改成 $userId=mysql_real_escape_string($userId)
所有有打印的语句如echo,print等 在打印前都要使用htmlentities() 进行过滤,这样可以防止Xss,注意中文要写出htmlentities($name,ENT_NOQUOTES,GB2312) 。
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP iconv 解决utf-8和gb2312编码转换问题Next article:php empty函数判断mysql表单是否为空