1. The server sends a header to the client, and the user must enter a user name and password to view the returned page.
Call header() to set the header information that triggers the authentication prompt.
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Guitar Wars"');
Verify the user name and password on the server with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
If it is wrong, call exit directly (
2. About SQL injection.
When the front end submits a form, dangerous characters in a form field can alter the SQL query and may even break the table. This is called SQL injection.
The front end can use JS for some basic form validation, such as stripping spaces and checking whether an e-mail address or phone number is well formed. The back end then does the final check, using trim() to remove leading and trailing whitespace and mysqli_real_escape_string to escape the value. It is also best to set default values for the data in the table (that is, for its columns).
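The two notes above combined in one page guard, as an added example that is not code from the book: the 401 challenge, then a trimmed and escaped lookup of the submitted user name. The connection details, the guitarwars_admin table, its columns and the use of password_verify() are assumptions made for illustration.

```php
<?php
// Added example, not from the book. Connection details, the guitarwars_admin
// table and its columns are assumptions made for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Send the challenge from section 1 and stop, so no protected output follows.
function require_login(): void {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Guitar Wars"');
    exit('Sorry, you must enter a valid user name and password.');
}

// No credentials sent yet: ask the browser to prompt for them.
if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    require_login();
}

// Placeholder credentials; replace with your own.
$dbc = mysqli_connect('localhost', 'db_user', 'db_password', 'guitarwars');
mysqli_set_charset($dbc, 'utf8mb4'); // escaping depends on the connection charset

// Final server-side check from section 2: trim, then escape.
$user = mysqli_real_escape_string($dbc, trim($_SERVER['PHP_AUTH_USER']));

// Escaping only protects a value that sits inside quotes in the SQL string.
$query  = "SELECT password_hash FROM guitarwars_admin WHERE username = '$user'";
$result = mysqli_query($dbc, $query);
$row    = mysqli_fetch_assoc($result); // null when no such user exists
mysqli_close($dbc);

// The password never enters the query; it is checked against the stored hash.
if (!$row || !password_verify($_SERVER['PHP_AUTH_PW'], $row['password_hash'])) {
    require_login();
}

// Encode the user-supplied name before echoing it into the page.
echo 'Welcome, ' . htmlspecialchars($_SERVER['PHP_AUTH_USER']) . '.';
```

mysqli prepared statements (mysqli_prepare() with bound parameters) remove the need for manual escaping and are the usual choice in new code.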
[Head First PHP & MySQL] Reading notes - Basic Security Information (fifth chapter)