Alibabacloud.com offers a wide variety of articles about mysql real escape string prevent sql injection, easily find your mysql real escape string prevent sql injection information here online.
Talking about PHP security and anti-SQL injection, prevent XSS attack, anti-theft chain, anti-CSRF
Objective:
First of all, the author is not a web security experts, so this is not a Web security expert-level article, but learning notes, careful
PHP prevents injection attack instance analysis and php injection instance analysis. Analysis of PHP injection attack prevention examples. This article analyzes php injection attack prevention methods in detail in the form of examples. Share it with
PHP Prevent injection attack case analysis, PHP injection Example analysis
In this paper, the method of preventing injection attack by PHP is analyzed in detail. Share to everyone for your reference. The specific analysis is as follows:
PHP
supposed input
$name = "Ilia"; DELETE from users; ";
mysql_query ("SELECT * from users WHERE name= ' {$name} '");
Copy CodeIt is clear that the last command executed by the database is:
SELECT *
SQL injection attacks"SQL injection" is an attack method that uses unfiltered/unaudited user input ("cache overflow" is different from this method ), this means that the application should not run the SQL code. If the application creates SQL strings
Examples show how hackers Execute SQL injection attacks"SQL injection" is an attack method that uses unfiltered/unaudited user input ("cache overflow" is different from this method ), this means that the application should not run the SQL code. If
Phpsql injection attacks and precautions
// Supposed input
$ Name = "ilia '; delete from users ;";
Mysql_query ("SELECT * FROM users WHERE name = '{$ name }'");
Obviously, the command executed by the database
For server configuration level protection, should ensure that the production environment webserver is to turn off the error message, such as PHP in the production environment configuration file php.ini Display_errors should be set to off, so that
Reply content:
No compilation, no injection .To prevent the data being submitted to be compiled.
parameter Bindingis to avoid the method of submitting data being compiled. With PDO or mysqli, there are many handy classes that are packaged well.
For
PHP and SQL injection attacks. SQL injection attacks are the most common means for hackers to attack websites. If your site does not use strict user input tests, it is often vulnerable to SQL injection attacks. SQL injection attacks are usually the
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.