PHP anti-SQL-injection code (recently learning PHP and MySQL)
Excuse me, after the form is submitted, the data is inserted into the database.
Is this enough? Do I need to write other anti-SQL-injection code?
$Name = mysql_real_escape_string($_POST['name']);
Reply to discussion (solution)
Search Baidu for "360 general anti-injection" for reference.
O(∩_∩)O Thank you.
Is there any problem with writing this?
You can write it in this way.
Search Baidu for "360 general anti-injection" for reference.
O(∩_∩)O Thank you.
Is there any problem with writing this?
Yes
I also just learned. I think I just learned about PDO and parameter-based queries. It's just the beginning. It's easy.
The addslashes function is generally used; mysql_real_escape_string requires a database connection before use.
1. Verify user data. If it is a number, it must be a number.
2. addslashes function
3. mysql_real_escape_string or mysql_escape_string
4. Precompiled SQL (prepare)
I think using 360safe is not bad. I will study it if I have time!
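
The replies above mention validating numeric input and using PDO with prepared (parameter-based) queries; the following is an added example, not code from any poster in this thread, showing both applied to a form insert like the one in the question. The `users` table, its columns, the `insertUser` function and the sample submissions are hypothetical, and an in-memory SQLite database (the `pdo_sqlite` extension) is assumed so the script runs without a MySQL server.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension so the script runs without a server.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, age INTEGER NOT NULL)');

/** Validate the form fields, then insert them with bound parameters. */
function insertUser(PDO $pdo, array $form): int
{
    $name = trim((string)($form['name'] ?? ''));
    if ($name === '' || strlen($name) > 64) {
        throw new InvalidArgumentException('name must be 1-64 bytes');
    }
    // Step 1 of the list: a numeric field must really be a number.
    $age = filter_var($form['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer 0-150');
    }
    // Step 4: the SQL text is fixed; values travel separately from it.
    $stmt = $pdo->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['name' => "O'Brien", 'age' => '42'],
    ['name' => "x'); DROP TABLE users; --", 'age' => '30'],
    ['name' => 'Li', 'age' => '1 OR 1=1'],
];
foreach ($samples as $form) {
    try {
        echo 'stored row ', insertUser($pdo, $form), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
// Stored names are data, not SQL: they come back exactly as submitted.
foreach ($pdo->query('SELECT id, name, age FROM users') as $row) {
    printf("%d | %s | %d\n", $row['id'], $row['name'], $row['age']);
}
```

The `mysql_*` functions used in the question were removed in PHP 7.0, so on current PHP the bound-parameter route means PDO or mysqli.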