I have been too busy these days; picking the series back up now, it should wrap up within about half a month, haha.
Some databases come with built-in filtering of unsafe input, but not all of them do. At present only MySQL, SQLite, PostgreSQL and Sybase offer such a feature; many others, including Oracle and SQL Server, do not.
Given this situation, developers commonly fall back on a generic approach to keep unsafe data out of the database: base64 encoding. It removes the risk posed by any special character in the input. But base64-encoded data grows by roughly 33%, so it costs storage space. And in PostgreSQL, base64-encoded data has a further problem: you can no longer run a LIKE query against it.
So, summing up: we cannot rely on the database itself as a string filter. We need a solution that neutralizes dangerous characters before they can affect our query statement. Prepared queries (prepared statements) are a good way to do this. What is a prepared query? It is essentially a template for a query: it fixes the structure of the statement and the data types of certain parts. If a submitted query conforms to the template it is executed; otherwise it is not executed and an error is reported.
For example, with PHP's PostgreSQL extension:

// pg_prepare() sends a server-side PREPARE stmt_name AS SELECT ... to PostgreSQL;
// $1 is the only part of the statement a caller can fill in.
pg_prepare($conn, "stmt_name", 'SELECT * FROM users WHERE name = $1');
// The value travels separately from the SQL text, so it is never parsed as SQL.
$result = pg_execute($conn, "stmt_name", array($name));
// Release the server-side prepared statement when finished.
pg_query($conn, "DEALLOCATE stmt_name");

Whether issued as the SQL command PREPARE stmt_name (text) AS ... or through pg_prepare(), this defines the shape of the query: everything except the $1 placeholder is fixed and cannot be altered by the submitted value, and the placeholder accepts only a text value. I think this method is really a good way to do it. Unfortunately, not all databases support it.
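The two points above, reproduced as an added example that is not part of the original post: it uses Python's sqlite3 module with an in-memory SQLite database standing in for PostgreSQL (an assumption), constructed sample rows, and shows how string splicing lets a value change the query while a bound parameter keeps it as data, and why a LIKE prefix search breaks on base64-stored columns.

```python
import base64
import sqlite3

# Constructed sample data: the same user names stored plain and base64-encoded.
USERS = ["alice", "alicia", "bob"]


def setup():
    """Create an in-memory database with a plain and a base64-encoded users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("CREATE TABLE users_b64 (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(u,) for u in USERS])
    conn.executemany(
        "INSERT INTO users_b64 VALUES (?)",
        [(base64.b64encode(u.encode()).decode(),) for u in USERS],
    )
    return conn


def find_by_name_unsafe(conn, name):
    """String splicing: the submitted value becomes part of the SQL text."""
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_prepared(conn, name):
    """Parameter binding: the query shape is fixed, the value is only data."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def like_prefix_plain(conn, prefix):
    """Prefix search on the plain column works as expected."""
    sql = "SELECT name FROM users WHERE name LIKE ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (prefix + "%",))]


def like_prefix_b64(conn, prefix):
    """Prefix search on the base64 column: base64(prefix) is only a prefix of
    base64(full value) when len(prefix) is a multiple of 3, so matches are lost."""
    enc = base64.b64encode(prefix.encode()).decode().rstrip("=")
    sql = "SELECT name FROM users_b64 WHERE name LIKE ? ORDER BY name"
    rows = conn.execute(sql, (enc + "%",))
    return [base64.b64decode(row[0]).decode() for row in rows]
```

The same crafted value returns every row through the spliced query and no rows through the bound one, and a four-character prefix that matches two plain rows matches nothing in the base64 table.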