Accidental attention to database security related issues, as follows
Source: Internet
Author: User
Accidental attention to database security issues, as follows
One table ID field primary KEY self-increment
If you want to delete a piece of data
So
"Delete from Test where id=". $_post[' ID ']
The question is, is it possible that this is not safe?
"Delete from Test where id=". $_post[' ID ']
$_post[' id '] = 2 or 1=1 situation
Will this happen, causing all of the deletions to occur?
------Solution--------------------
Yes, so it's generally quoted for numeric types.
"Delete from test where id= ' $_post[id] '"
------Solution--------------------
It's possible. This is often said to be anti-SQL injection. Escapes special characters.
------Solution--------------------
It's impossible to have an escape if it's quoted.
------Solution--------------------
Intval
------Solution--------------------
Method One: Set in php.ini: MAGIC_QUOTES_GPC = Off
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.