PHPMYSQL injection attacks need to prevent 7 points bitsCN.com
1: numeric parameters are forcibly filtered using methods like intval and floatval.
2: string parameters are forcibly filtered using methods like mysql_real_escape_string, rather than simple addslashes.
3: it is best to discard the splicing SQL query method like mysql_query and try to use the PDO prepare binding method.
4: Use rewrite technology to hide information about real scripts and parameters, and use rewrite regular expressions to filter suspicious parameters.
5. disable the error message and do not provide the attacker with sensitive information: display_errors = off.
6. log errors: log_errors = on and error_log = filename, which should be checked regularly.
7: Do not use an account with FILE permissions (such as root) to connect to MySQL. this Shields dangerous functions such as load_file.
BitsCN.com