php – 不太了解SQL注入
发布时间:2020-12-13 17:20:59 所属栏目:PHP教程 来源:网络整理
导读:我已经阅读了很多关于sql注入的内容,我理解它是如何导致问题的(即:DROP TABLE __ etc).但我不确定我所遵循的教程实际上是如何防止这种情况发生的.我只是在学习PDO,我想我理解它. 这段代码是否可以安全地从SQL注入?为什么呢? (使用这些准备好的语句需要花
|
我已经阅读了很多关于sql注入的内容,我理解它是如何导致问题的(即:DROP TABLE __ etc).但我不确定我所遵循的教程实际上是如何防止这种情况发生的.我只是在学习PDO,我想我理解它.
这段代码是否可以安全地从SQL注入?为什么呢? (使用这些准备好的语句需要花费更多的工作,所以我想确保我不仅浪费时间 – 如果代码可以改进,请告诉我!) $conn = new PDO("mysql:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
// Get the data
$firstname = $_POST["v_firstname"];
$lastname = $_POST["v_lastname"];
$origincountry = $_POST["v_origincountry"];
$citizenship = $_POST["v_citizenship"];
$gender = $_POST["v_gender"];
$dob = $_POST["v_dob"];
$language = $_POST["v_language"];
$landing = $_POST["v_landing"];
$email = $_POST["v_email"];
$phone = $_POST["v_phone"];
$cellphone = $_POST["v_cellphone"];
$caddress = $_POST["v_caddress"];
$paddress = $_POST["v_paddress"];
$school = $_POST["v_school"];
$grade = $_POST["v_grade"];
$smoker = $_POST["v_smoker"];
$referred = $_POST["v_referred"];
$notes = $_POST["v_notes"];
//Insert Data
$sql = "INSERT INTO clients (firstname,lastname,origincountry,citizenship,gender,dob,language,landing,email,phone,cellphone,caddress,paddress,school,grade,smoker,referred,notes)
VALUES (:firstname,:lastname,:origincountry,:citizenship,:gender,:dob,:language,:landing,:email,:phone,:cellphone,:caddress,:paddress,:school,:grade,:smoker,:referred,:notes)";
$q = $conn->prepare($sql);
$q->execute(array(':firstname'=>$firstname,':lastname'=>$lastname,':origincountry'=>$origincountry,':citizenship'=>$citizenship,':gender'=>$gender,':dob'=>$dob,':language'=>$language,':landing'=>$landing,':email'=>$email,':phone'=>$phone,':cellphone'=>$cellphone,':caddress'=>$caddress,':paddress'=>$paddress,':school'=>$school,':grade'=>$grade,':smoker'=>$smoker,':referred'=>$referred,':notes'=>$notes));
解决方法
是的,代码是安全的,因为PDO将正确地转义并为您引用参数数组.
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |