10 recommended methods to prevent SQL injection

(1) mysql_real_escape_string--Escape the special characters in the string used in the SQL statement, taking into account that the current character set of the connection is used as follows:? 123$sql= "SELECT COUNT (*) asctr from users where Username= ' ". Mysql_real_escape_string ($username)." ' Andpassword= ' ". Mysql_real_escape_string ($PW). "' Limit 1 "; using mysql_real_escape_string () as the wrapper for user input, you can avoid any malicious SQL injection in user input. (2) Open MAGIC_QUOTES_GPC to prevent SQL injection php.ini has a setting: MAGIC_QUOTES_GPC = off This default is off, if it is turned on will automatically put the user

1. The most comprehensive approach to preventing SQL injection

Introduction:: This article mainly introduces the most comprehensive prevention of SQL injection method, for PHP tutorial interested students can refer to.

2. Http://www.56.com/m2v/?magic=1 Advanced PHP Injection Method collection 1th/2 page

Introduction: Http://www.56.com/m2v/?magic=1:http://www.56.com/m2v/?magic=1 Advanced PHP Injection method highlights 1th 2: '%23 ' and password= ' Mypass id=-1 Union Select 1,1,1 Id=-1 Union Select char ($), char ($), char () id=1 Union select 1,1,1 from members id=1 Union select 1, From a

3. PHP to prevent SQL injection method and instance code

Introduction: PHP Prevention SQL injection method and instance code

4. Advanced PHP Injection Method collection 1th/2 page _php Tutorial

Summary: Advanced PHP Injection Method Highlights page 1th/2. '%23 ' andpassword= ' Mypass id=-1unionselect1,1,1 Id=-1unionselectchar (), char (+), char (ID=1UNIONSELECT1), 1,1frommembers Id=1unionselect1,1,1fromadmin Id=1unionselect1,1,1fromuser

5. PHP Web page to prevent SQL injection method Configuration _php Tutorial

Introduction: PHP Web page to prevent SQL injection method configuration. Prerequisite is that we need to have the server's administrative rights, that is, you can modify the php.ini file, the following I would like to introduce the modification of PHP configuration file to prevent SQL injection method There are friends who need to learn

6. PHP Anti-SQL injection method Summary and Analysis _php tutorial

Introduction: PHP Anti-SQL injection method summary analysis. In the program development of SQL injection is a common problem that everyone will consider, let me analyze the usual SQL anti-injection code, the need for friends to refer to. 1. PHP Submission Data

7. Learn more about SQL injection methods in PHP _php tutorial

Summary: Learn about SQL injection in PHP in your own way. I understand the SQL injection in PHP some of the methods introduced, the following is the most common SQL injection method, the need for a friend to refer to. What is injection? For example, we are querying the data

8. PHP Anti-SQL injection Method (_php) tutorial

Introduction: PHP Anti-SQL injection method detailed (1/4). MAGIC_QUOTES_GPC = off injection Attack MAGIC_QUOTES_GPC = off is a very insecure option in the PHP tutorial. The new version of PHP has changed the default value to ON. But there are still phases

9. Learn more about the SQL injection method (1/3) _php Tutorial

Description: Details about the SQL injection method (1/3). Due to the PHP tutorial and the MySQL tutorial itself reasons, Php+mysql injection is more difficult than the ASP tutorial, especially the construction of the sentence is a difficult point, this article is mainly borrowed to okphp BBS v1.3 a

PHP.ini MAGIC_QUOTES_GPC Configuring the Anti-injection method (1/5) _php Tutorial

Introduction: PHP.ini MAGIC_QUOTES_GPC Configuration Anti-injection method (1/5). PHP Tutorial. ini MAGIC_QUOTES_GPC Configuration Anti-injection method 1. The MAGIC_QUOTES_GPC option in PHP config file php.ini is not turned on and is set to off 2. The developer does not check the data type

"Related question and answer recommendation":

PHP-all configuration information correctly injected method?

Phalcon-php-dependency injection Dependency Injection and auto-load respective pros and cons