Test that adding single and double quotation marks to the sql query can still cause sql injection.
As the title states, can SQL injection be intercepted assuming that the verification parameter is a number?
if (!is_numeric($id)) { exit('非法'); }
SQL injection is no longer possible in such verification tests, but is this absolutely safe?
Xiaobai asks for help.
路边的小蚂蚁i2020-05-09 10:37:04
Use the framework's sql statement encapsulation method. The framework will prevent you from sql injection. When you have enough knowledge and experience, you can study these