Home > Article > Backend Development > PHP能用sprintf函数来防止SQL流入吗

PHP能用sprintf函数来防止SQL流入吗

WBOYOriginal: 2016-06-13 12:50:091041browse

PHP能用sprintf函数来防止SQL注入吗？

$sql = sprintf("select count(*) as qty from t_user where f_uid='%s' and f_password='%s'",$password,$userAccount);

这句话能挡住SQL注入吗？

sql注入
------解决方案--------------------
不能，SQL注入的关键在于引号，而sprintf()不会去处理引号。

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：求两个时间点其间有哪些天，比如2013.03.29―2013.04.01之间有20130330，20130331两天 Next article： php 打造注册页面中文无法存入sql 求解

See more

How to use cURL to implement Get and Post requests in PHP
How to use cURL to implement Get and Post requests in PHP
How to use cURL to implement Get and Post requests in PHP
How to use cURL to implement Get and Post requests in PHP
All expression symbols in regular expressions (summary)

PHP能用sprintf函数来防止SQL流入吗

Related articles