我觉得mysql防注入没有必要啊？-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

我觉得mysql防注入没有必要啊？

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 20, 2016 pm 12:34 PM

最近在研究sql注入防止，都是在转义用户输入的一些特殊字符，我觉得好像没有这个必要啊。

用户登陆，我只允许数字、字母、下划线，如果出现特殊字符我直接提示不对，都不会dql。

你们说对吗？

回复讨论(解决方案)

你在客户端限制的还是服务端限制的？

服务器端啊，php 正则如果发现不是我允许的字符出现，直接提示有特殊字符，不会dql，也不会给这些特殊字符注入的机会，

当然，这是我的想法，我不知道有没有什么弊端

那别人还千方百计的防注入干嘛

当然，这是我的想法，我不知道有没有什么弊端

楼主最近在看好心作怪？

人家多高级的系统，只要想，都能破解。我们只要不让菜鸟们破了就行。其他的听天由命

想破坏你的程序的人肯定不会按照正常人那样去用你的页面的，他们能绕过你的输入框，比如直接在地址栏操作，如果你不加防备，一有缺口就能让别人注入。。。

我只允许数字、字母、下划线

如果是这样的话，那么确实不存在数据库注入了

sql注入不仅仅是输入框还有地址栏上的传参

人家多高级的系统，只要想，都能破解。我们只要不让菜鸟们破了就行。其他的听天由命

基本赞同。

你在客户端限制的还是服务端限制的？

服务器端啊，php 正则如果发现不是我允许的字符出现，直接提示有特殊字符，不会dql，也不会给这些特殊字符注入的机会，
既然是服务器端验证，只要验证到位，应该没问题了~~~

新手路过学习

你判断参数时候已经是在做防注入工作了.

关注，好多国内开源系统随便注入，但是像drupal就不行了，完全是数据库抽象层，没法注入

------------------------------------------------------ AutoCSDN签名档------------------------------------------------------

码农场——码农播种代码、放牧思想的农场！

我感觉嘛注册登录的时候进行验证只是能防止出现万能密码这种东西类似注释掉SLQ后边的判断语句啥的.. = = 网站注入更多的还是网页传参

用PDO 吧，严格按照格式来，那么你就不用担心注入了

楼主理解的防sql注入的方式太片面化了，特殊字符转义和参数的强校验都属于防sql注入的手段。两者配合效果才好。

用户提交的请求，过滤非法字符。

16#绝对正确

防注入啊，防什么的！都是防君子不防小人的！

你这样是直接在客户端上进行判断吗？要是在客户端上做判断的话，先不说在客户端上做判断安不安全，客户端做判断用JS，别人可以在客户端上设置JS脚本不加载，不执行JS！你的判断形同虚设，如果你用服务器端你还是要做SQL注入

有的时候不要太片面，防SQL注入的存在就有他存在的意义，在客户端上做单一判断只会让你的数据库崩溃，客户端是用户唯一的路径也是最危险的SQL出口，一般都是在客户端上进行一次过滤，在SQL上在防止一次SQL注入

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PM

Laravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-

cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AM

The PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.

Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PM

Laravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>

12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PM

Do you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom

PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PM

PHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot

Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PM

Article discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo

Customizing/Extending Frameworks: How to add custom functionality.Mar 28, 2025 pm 05:12 PM

The article discusses adding custom functionality to frameworks, focusing on understanding architecture, identifying extension points, and best practices for integration and debugging.

Framework Security Features: Protecting against vulnerabilities.Mar 28, 2025 pm 05:11 PM

Article discusses essential security features in frameworks to protect against vulnerabilities, including input validation, authentication, and regular updates.

See all articles