基础php mysql 防止sql攻击注入的办法
- WBOYOriginal
- 2016-05-25 16:40:561225browse
我们利用了php自带的Magic Quotes来判断是否是开启了,如果是就stripslashes否则就用mysql_real_escape_string来过滤,实例代码如下:
//如果Magic Quotes功用启用
if (get_magic_quotes_gpc()) {
$name = stripslashes($name);
}else{
$name = mysql_real_escape_string($name);
}
mysql_query("SELECT * FROM users WHERE name='{$name}'");注:mysql_real_escape_string函数要等到mysql数据库连接成功才有效.
本文链接:
收藏随意^^请保留教程地址.
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP整站防注入程序 Next article:PHP-5.3.9远程执行任意代码漏洞