"One, server-side Configuration"Security, PHP code writing is on the one hand, PHP configuration is very critical.We PHP hand-installed, PHP default configuration file in/usr/local/apache2/conf/php.ini, we mostly want to configure the content in PHP.
With the rapid development of Web applications and the continuous maturation of technology, the demand for web development-related jobs is increasing, and more and more people are joining the ranks of web development. However, due to the uneven
This article will start with SQL Injection risks and compare the differences between preprocessing of addslashes, mysql_escape_string, mysql_real_escape_string, mysqli, and pdo. This article will start with SQL Injection risks and compare the
"One, server-side Configuration"Security, PHP code writing is on the one hand, PHP configuration is very critical.We PHP hand-installed, PHP default configuration file in/usr/local/apache2/conf/php.ini, we mostly want to configure the content in PHP.
How to Prevent SQL Injection Analysis in PHP and prevent SQL Injection in php
This article describes how to prevent SQL Injection in PHP. Share it with you for your reference. The specific analysis is as follows:
I. Problem description:
If the data
Methods to prevent SQL injection in php [1. server-side configuration]
Security, PHP code writing is one aspect, and PHP configuration is critical.We manually install php. the default configuration file of php is in/usr/local/apache2/conf/php. ini,
We manually install php. the default configuration file of php is in/usr/local/apache2/conf/php. ini, we mainly need to configure php. the content in ini makes it safer to execute php. The security settings in PHP are mainly used to prevent phpshell
Absrtact: We PHP hand-installed, PHP default configuration file in/usr/local/apache2/conf/php.ini, we mainly want to configure the content in PHP.ini, let us execute php more secure. The security settings throughout PHP are primarily designed to
SQL injection is accessed from the normal WWW port, and it seems to be no different from the general web page access, so the current Municipal firewall does not alert SQL injection, if the Administrator does not check IIS logs, it may be invisible
1. Do not expose too much content to the client for Exception Handling2. Less parameter input in the address bar3. Storage Process authorization "run" permission
4. Do not concatenate SQL statements with strings. Use preparedstatement.
5. Prevent
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.