Home >Database >Mysql Tutorial >How to prevent sql injection problem in mysql
Mysql method to prevent sql injection: 1. Turn on the magic mode of php and set [magic_quotes_gpc = on]; 2. Write the code to filter sql special characters in the website code and convert some special characters; 3 , Turn on the website firewall, IIS firewall, and built-in filtering parameters for SQL injection.
Mysql method to prevent sql injection:
1. Turn on the magic mode of php and set magic_quotes_gpc = on
. When some special characters appear on the front end of the website, they will be automatically converted into other symbols, causing the SQL statement to fail to execute. You can also find a professional website security company to handle it. Domestic SINE Security, NSFOCUS, and Venus are all relatively good ones. They can perform security reinforcement on the website, server security protection, and MySQL security deployment.
2. Write the code to filter SQL special characters in the website code, and convert some special characters, such as single quotes, commas, *, (brackets) AND 1=1, backslash, select union, etc. The sql statements of the query are subject to security filtering to limit the input of these characters and prohibit submission to the backend.
3. Turn on the website firewall, IIS firewall, apache firewall, and nginx firewall, all have built-in filtering parameters for SQL injection. When the user inputs parameters such as get, post, and cookies and submits them, they will be detected and intercepted in advance.
More related free learning recommendations: mysql tutorial(video)
The above is the detailed content of How to prevent sql injection problem in mysql. For more information, please follow other related articles on the PHP Chinese website!