php防止sql注入简单分析-php手册-php.cn

Home

php教程

php手册

php防止sql注入简单分析

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 06, 2016 pm 08:06 PM

phpsqlinjectionprevent

这篇文章主要介绍了php防止sql注入的方法,简单分析了通过stripslashes及mysql_real_escape_string函数进行字符转移处理的技巧,非常具有实用价值,需要的朋友可以

本文实例分析了php防止sql注入简单方法。分享给大家供大家参考。具体如下：

这里只说一个简单的方法

防止Sql注入的方法有很多，这里要说的其实就是漏洞演练平台Dvwa里的一种方式

直接看high级别的就可以了

$id = $_GET['id']; $id = stripslashes($id); $id = mysql_real_escape_string($id); if (is_numeric($id)){ $getid = "SELECT first_name,last_name FROM users WHERE user_id='$id'"; $result = mysql_query($getid) or die('

'.mysql_error().'

'); $num = mysql_numrows($result);

可见它的处理方式是首先通过 stripslashes 函数删除变量中的反斜杠 \，
然后再使用函数mysql_real_escape_string 转义特殊字符就行了。
所以当我们编写类似代码的时候

$getid="SELECT first_name,last_name FROM users WHERE user_id='$id'";

我们最简单的方法是

直接将变量$id 进行stripslashes 和 mysql_real_escape_string 处理。

注意：这里并不是说这样就安全了，，这只是其中一种方式我可没说这就安全了。更多的还要依据实际情况进行处理。

希望本文所述对大家的php程序设计有所帮助。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

3 weeks agoByDDD

Roblox: Dead Rails - How To Complete Every Challenge

4 weeks agoByDDD

Atomfall guide: item locations, quest guides, and tips

4 weeks agoByDDD

Hot Tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

Atom editor mac version download

The most popular open source editor

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Hot Topics

Where is the login entrance for gmail email?

7651

CakePHP Tutorial

1392

What is the format of the account name of steam

win11 activation key permanent

nyt mini crossword answers

110