Home >Backend Development >PHP Tutorial >PHP and Mysql login features prevent SQL injection
I recently learned about SQL injection and found that many people's login function uses the username and password entered by the user at the same time, combined into a SQL statement, and the query determines whether there is a result to determine whether the login can be performed. For example:
<?php $username = $_POST['username']; $password = $_POST['password']; $sql = "select * from user where username='{$username}' and password='{$password}' "; $this->db->query($sql);
<?php $username = $_POST['username']; $password = $_POST['password']; $sql = "select * from user where username='{$username}' "; $data = $this->db->query($sql); ...... if($data['password'] == $password){ //密码OK }else{ //密码错误 }
In this way, the data is found first, and then PHP itself is used to determine whether the password matches. Does this solve the problem?
Recommended 10 methods to prevent sql injection
The above is the detailed content of PHP and Mysql login features prevent SQL injection. For more information, please follow other related articles on the PHP Chinese website!