search

Home  >  Q&A  >  body text

How to intercept numeric SQL injection? Is it valid to verify if it is a number?

Test that adding single and double quotation marks to the sql query can still cause sql injection.

As the title states, can SQL injection be intercepted assuming that the verification parameter is a number?

if (!is_numeric($id)) {
exit('非法'); 
        }

SQL injection is no longer possible in such verification tests, but is this absolutely safe?

Xiaobai asks for help.

顾及顾及1653 days ago1083

reply all(1)I'll reply

  • 路边的小蚂蚁i

    路边的小蚂蚁i2020-05-09 10:37:04

    Use the framework's sql statement encapsulation method. The framework will prevent you from sql injection. When you have enough knowledge and experience, you can study these

    reply
    0
  • Cancelreply