PHP prevents simple SQL injection analysis, Phpsql injection
This paper analyzes the simple method of PHP to prevent SQL injection. Share to everyone for your reference. Specific as follows:
There's only one simple way to do this.
There are many ways to prevent SQL injection, which is actually a way of DVWA in the vulnerability walkthrough platform.
Just look at the high level and you can.
$id = $_get[' id ']; $id = Stripslashes ($id); $id = mysql_real_escape_string ($id); if (Is_numeric ($id)) {$getid = "Select First_name,last_name from Users WHERE user_id= ' $id '"; $result = mysql_query ($getid) Or Die (''. Mysql_error (). '
'); $num = Mysql_numrows ($result);
It can be seen that it is handled by first removing the backslash \ In the variable through the Stripslashes function.
You can then use the function mysql_real_escape_string to escape the special characters.
So when we write code like this,
$getid = "Select First_name,last_name from Users WHERE user_id= ' $id '";
Our simplest way is to
The variable $id is processed directly stripslashes and mysql_real_escape_string.
Note: This is not to say that it's safe, it's just one of the ways I didn't say it would be safe. More should be dealt with according to the actual situation.
I hope this article is helpful to everyone's PHP programming.
http://www.bkjia.com/PHPjc/969494.html www.bkjia.com true http://www.bkjia.com/PHPjc/969494.html techarticle PHP prevents SQL injection from simple analysis, Phpsql injected this article to analyze the simple method of PHP to prevent SQL injection. Share to everyone for your reference. Here are just a few simple ways to say ...