Php prevents simple analysis of SQL injection and phpsql injection. Php prevents SQL injection for simple analysis. phpsql injection examples in this article analyze the simple method of php to prevent SQL injection. Share it with you for your reference. Specifically: here is only a simple method. php prevents SQL injection for simple analysis and php SQL injection.
This article analyzes php's simple method to prevent SQL injection. Share it with you for your reference. The details are as follows:
Here is a simple method.
There are many ways to prevent SQL injection. here we will talk about a method in the vulnerability drill platform Dvwa.
Simply look at the high level.
$id = $_GET['id']; $id = stripslashes($id); $id = mysql_real_escape_string($id); if (is_numeric($id)){$getid = "SELECT first_name,last_name FROM users WHERE user_id='$id'";$result = mysql_query($getid) or die(''.mysql_error().'
');$num = mysql_numrows($result);
It can be seen that its processing method is to first delete the backslash \ in the variable through the stripslashes function \,
Then use the mysql_real_escape_string function to escape special characters.
So when we write similar code
$getid="SELECT first_name,last_name FROM users WHERE user_id='$id'";
Our simplest method is
Directly process the variable $ id in stripslashes and mysql_real_escape_string.
Note: This is not to say that this is safe. this is only one of the methods, but I am not sure it is safe. More needs to be handled based on the actual situation.
I hope this article will help you with php programming.
In this article, we analyze php's simple method to prevent SQL injection. Share it with you for your reference. The details are as follows: here is only a simple method...