MySQL Security summary

SQL injection is a very disturbing problem, and some malicious attackers can take advantage of SQL injection to obtain or even modify the information in the database, especially for some of the more sensitive cipher data.

SQL injection primarily uses MySQL annotations to comment out subsequent statements that should be executed normally to achieve the purpose of a malicious attacker

You can also break the execution of SQL statements by using the ' way

You can also attack by changing the original SQL judgment statement by entering or 1=1 such statements.

Of course, there must be a defense against an attack.

In PHP, you can use PDO, precompilation to prevent SQL injection attacks if necessary, we can also take advantage of stored procedures, of course, stored procedures are seldom used in web development.

You can also use regular expressions and some of PHP's built-in functions to filter out some illegal characters

There are a few things to do:

1. Organize the data to make it effective.

2. Refusal of consistent illegal data.

3. Only legitimate data is accepted.

We can use regular expressions to filter these characters:

"/*" "* *" "%" "<" Span class= "Fontstyle1", "[" Span class= "Fontstyle1", "]"

You can also combine PHP to prevent SQL injections by making judgments:

We can divide the parameters into numbers or character types and other types to make different regular judgments to prevent SQL injection.

It is also possible to specify your own regular expressions to prevent SQL injection, depending on your needs.

MySQL Security summary