PHP能用sprintf函数来防止SQL注入吗?

WBOY
Release: 2016-06-23 14:03:22
Original
1389 people have browsed it

$sql = sprintf("select count(*) as qty from t_user where f_uid='%s' and f_password='%s'",$password,$userAccount);
Copy after login

这句话能挡住SQL注入吗?


回复讨论(解决方案)

不能,SQL注入的关键在于引号,而sprintf()不会去处理引号。

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template