
Two simple ways to prevent SQL injection attacks and XSS attacks in PHP

WBOY
2016-07-29 08:42:21

mysql_real_escape_string()
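So if the SQL statement is written like this: "select * from cdr where src = ".$userId; then the value must first be escaped with $userId=mysql_real_escape_string($userId). Escaping only protects a value that sits inside quotes in the statement, so the value should also be quoted: "select * from cdr where src = '".$userId."'". The mysql_* functions were deprecated in PHP 5.5 and removed in PHP 7.0; on current PHP use mysqli_real_escape_string() or, better, prepared statements with bound parameters.
Every statement that prints output, such as echo or print, should filter the value with htmlentities() before printing, to prevent XSS. Note that for Chinese text the call must be written as htmlentities($name, ENT_NOQUOTES, 'GB2312'). ENT_NOQUOTES leaves both quote characters unencoded, so a value printed inside an HTML attribute needs ENT_QUOTES instead.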
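The two measures above on the article's cdr query, as an added example that is not code from the original article: it compares the concatenated statement with a bound parameter, then encodes values on output. Assumptions: PHP 7 or later with the pdo_sqlite extension, an in-memory SQLite database standing in for MySQL so the script runs offline, a constructed dst column and sample rows, and a hypothetical helper named h().

```php
<?php
// Added example with constructed data. SQLite in memory stands in for the
// MySQL server (assumption) so that the script runs without a database host.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cdr (src TEXT, dst TEXT)');
$db->exec("INSERT INTO cdr VALUES ('1001', '<b>Alice</b>'), ('1002', 'Bob \"ops\"')");

// Constructed input. It contains no quote characters, so a string-escaping
// function returns it unchanged; escaping alone cannot protect a value that
// is concatenated into an unquoted position.
$userId = '1001 OR 1=1';

// Before: the article's statement, with the value concatenated as SQL text.
$unsafe = $db->query('select * from cdr where src = ' . $userId)
             ->fetchAll(PDO::FETCH_ASSOC);

// After: the value is bound as data and is never parsed as SQL.
$stmt = $db->prepare('select * from cdr where src = :src');
$stmt->execute([':src' => $userId]);
$safe = $stmt->fetchAll(PDO::FETCH_ASSOC);

printf("concatenated: %d row(s), bound parameter: %d row(s)\n",
       count($unsafe), count($safe));

// Output encoding. h() is a hypothetical helper: ENT_QUOTES also encodes
// both quote characters so the result is safe inside an attribute value,
// and the charset is passed explicitly, as the article requires.
function h(string $value, string $charset = 'UTF-8'): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}

// Every stored value is encoded at the point where it is printed.
foreach ($db->query('select dst from cdr') as $row) {
    echo h($row['dst']), "\n";
}
```

For pages served in GB2312, pass 'GB2312' as the second argument to h().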

The above introduces two simple methods to prevent SQL injection and XSS attacks in PHP. I hope it will be helpful to friends who are interested in PHP tutorials.
