Home >Backend Development >PHP Tutorial >Two simple ways to prevent SQL injection attacks and XSS attacks in PHP_PHP Tutorial
Two simple ways to prevent SQL injection attacks and XSS attacks in PHP_PHP Tutorial
- WBOYOriginal
- 2016-07-21 15:39:30911browse
mysql_real_escape_string()
So if the SQL statement is written like this: "select * from cdr where src =".$userId;, it must be changed to $userId=mysql_real_escape_string($userId)
All printing statements such as echo, print, etc. must be filtered using htmlentities() before printing. This can prevent Xss. Note that in Chinese, htmlentities($name,ENT_NOQUOTES,GB2312) must be written.
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP iconv solves the problem of utf-8 and gb2312 encoding conversion_PHP tutorialNext article:PHP iconv solves the problem of utf-8 and gb2312 encoding conversion_PHP tutorial