SQL special characters questions for starters, Daniel.
Source: Internet
Author: User
SQL special character problems novice to help you, Daniel.
Younger brother beginner PHP, do not know the user in the Forum to submit the post, everyone in the background to the contents of the content, or direct storage
Another problem is to show the contents of the library to each other, whether directly to the user after the SQL query, or to the library content special character processing after the display.
The first time to do this thing, do not understand, but also look at you Daniel said everyday how do you deal with this SQL storage and library data how to deal with the display to the user?
Thank you, the points are not many, the feeling is true, I wish you all Happy Daniel Life!
------Solution--------------------
Htmlspecialchars ($content);
Htmlspecialchars_decode (); Before the show decode
------Solution--------------------
There are at least two ways I know how to attack.
1,sql Injection
There are a number of workarounds, at the very least, to escape the single quotes of user-submitted data. PHP has a number of such functions such as mysql_escape_string (), Htmlspecialchars (), Addslashes ()
2,XSS attack
For the data to be presented by the user, the HTML tag is strictly escaped. Otherwise, if the user's post contains HTML code, for example, the direct display of the words will be attacked.
Solution as mentioned upstairs, but can not be decoded with htmlspecialchars_decode (), otherwise naught
These tools are common, and if you don't understand it, Google has a bunch of examples
------Solution--------------------
discuss
There are at least two ways I know how to attack.
1,sql Injection
There are a number of workarounds, at the very least, to escape the single quotes of user-submitted data. PHP has a number of such functions such as mysql_escape_string (), Htmlspecialchars (), Addslashes ()
2,XSS attack
For the data to be presented by the user, the HTML tag is strictly escaped. Otherwise, if the user's post contains HTML code, for example, the direct display of the words will be attacked.
Solution as mentioned upstairs, but can not be decoded with htmlspecialchars_decode (), otherwise naught
------Solution--------------------
The contents of the storage, at least to escape the database ambiguous characters ' and so on.
The control of the entrance, relatively safe more.
Just like a firewall, antivirus software. The key is antivirus. Check the poison, it's slow.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
