Home >Backend Development >PHP Tutorial >Prevent SQL Injection Two simple ways to prevent SQL injection attacks and XSS attacks in PHP
mysql_real_escape_string()
So if the SQL statement is written like this: "select * from cdr where src = ".$userId;" it must be changed to $userId=mysql_real_escape_string($userId)
All statements with printing such as echo, print Use htmlentities() to filter before printing to prevent Xss. Note that in Chinese, htmlentities($name,ENT_NOQUOTES,GB2312) must be written.
The above introduces two simple methods to prevent SQL injection and XSS attacks in PHP, including preventing SQL injection. I hope it will be helpful to friends who are interested in PHP tutorials.