Home > Backend Development > PHP Tutorial > Simple analysis of preventing sql injection in php, phpsql injection_PHP tutorial

Simple analysis of preventing sql injection in php, phpsql injection_PHP tutorial

WBOY
Release: 2016-07-13 10:02:49
Original
1113 people have browsed it

A simple analysis of php to prevent sql injection, phpsql injection

This article analyzes a simple method of php to prevent sql injection. Share it with everyone for your reference. The details are as follows:

Here is just a simple method

There are many ways to prevent Sql injection. What I want to talk about here is actually one of the methods in the vulnerability drill platform Dvwa

Just look at the high level ones

$id = $_GET['id']; 
$id = stripslashes($id); 
$id = mysql_real_escape_string($id); 
if (is_numeric($id)){
$getid = "SELECT first_name,last_name FROM users WHERE user_id='$id'";
$result = mysql_query($getid) or die('<pre class="brush:php;toolbar:false">'.mysql_error().'
'); $num = mysql_numrows($result);
Copy after login

It can be seen that the way it is processed is to first remove the backslashes in the variable through the stripslashes function,
Then use the function mysql_real_escape_string to escape special characters.
So when we write code like

$getid="SELECT first_name,last_name FROM users WHERE user_id='$id'";
Copy after login

Our simplest method is

Directly process the variable $id with stripslashes and mysql_real_escape_string.

Note: This is not to say that this is safe. This is just one of the methods. I am not saying that this is safe. More needs to be dealt with based on the actual situation.

I hope this article will be helpful to everyone’s PHP programming design.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/969494.htmlTechArticleA simple analysis of php to prevent sql injection, phpsql injection This article analyzes the simple method of php to prevent sql injection. Share it with everyone for your reference. The details are as follows: Here is just a simple method...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template