Haohappy
Http://blog.csdn.net/Haohappy2004
SQL injection attacks are the most common means for hackers to attack websites. If your site does not use strict user input tests, it is very vulnerable to SQL injection attacks. SQL injection attacks are usually implemented by submitting bad data or query statements to the site database, which may expose, change, or delete records in the database. Next we will talk about how SQL injection attacks are implemented and how to prevent them.
Let's look at this example:
// Supposed input
$ Name = "ilia '; delete from users ;";
Mysql_query ("SELECT * FROM users WHERE name = '{$ name }'");
Obviously, the Command executed by the database is:
SELECT * FROM users WHERE name = ilia; delete from users
This has disastrous consequences for the database-all records have been deleted.
However, if your database is MySQL, you can rest assured that the mysql_query () function does not allow direct execution of such operations (multiple statement operations cannot be performed in a single row. If the database you are using is SQLite or PostgreSQL and supports such a statement, you will face a disaster recovery.