Article Topic Learning Download Q&A Programming Dictionary Game Recent Updates

简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)

Home > Backend Development > PHP Tutorial > body text

为啥PDO可以有效防止注入？

WBOY

Release： 2016-06-06 20:21:41

Original

1150 people have browsed it

一直知道他可以防止注入，今天在网上也看到了一些文章还是没搞明白，即使是他分两次发送的，那攻击着也照样可以在参数上拼接阿
http://blog.olesee.org/2015/10/14/pdo-%E9%98%B2%E6%AD%A2sql%E6%B3%A8%E5%85%A5%E7%9A%84%E5%8E%9F%E7%90%86/

回复内容：

一直知道他可以防止注入，今天在网上也看到了一些文章还是没搞明白，即使是他分两次发送的，那攻击着也照样可以在参数上拼接阿
http://blog.olesee.org/2015/10/14/pdo-%E9%98%B2%E6%AD%A2sql%E6%B3%A8%E5%85%A5%E7%9A%84%E5%8E%9F%E7%90%86/

这背后是MySQL的预处理实现的，PDO发送给MySQL的并不是“拼接”后的SQL语句

举个例子

<code class="mysql">PREPARE mystatement FROM "SELECT * FROM topic WHERE id = ? or id = ?";
set @a = 1;
set @b = 2;
EXECUTE mystatement USING @a, @b;
DEALLOCATE PREPARE mystatement;</code>

Copy after login

其实关键的一点就是语句和数据通过这个方式实现了分离，例子中的@a, @b的内容怎么变，SQL的语法解析都不会把它们解析成语句的一部分

文档在此 http://dev.mysql.com/doc/refman/5.7/en/sql-syntax-prepared-statements.html

Related labels：

mysql php sql sql injection

source：php.cn

Previous article：我个人不懂编程，找了一群小伙伴做一个网站，做到支付系统时，小伙伴们说不知道如何防止被黑，大神们支支招跪谢了~~ Next article：Nginx PATH_INFO配置

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

BlackRock Labels BTC a Unique Diversifier

2024-09-20 15:51:33
Internet Computer (ICP) Price Prediction: Will ICP Price Hit $24?

2024-09-20 15:47:32
Worldcoin (WLD) Price Prediction 2022-23

2024-09-20 15:45:32
Top Meme Coins to Invest In Today

2024-09-20 15:39:32
Floki (FLOKI) Price Prediction: Will the Revamped Marketing Help Floki Catch Up on October Gains?

2024-09-20 15:38:32
Next Cryptocurrency to Explode: 5 Coins to Add to Your Watchlist

2024-09-20 15:27:32
Dogecoin: From an Internet Meme to a Digital Currency with a Billion-Dollar Market Capitalization

2024-09-20 15:26:32
ZChains Unveils a Series of Exciting Updates and Launches to Enhance Its Ecosystem

2024-09-20 15:12:32
How to download the Apple version of Little Fox Payment Platform

2024-09-20 14:53:01
How beginners trade on MetaMask and its advantages and disadvantages

2024-09-20 14:51:01

Latest Issues

How to list data in a section by ID using while loop in PHP? I have a mysql table with these columns: series_id, series_color, product_name In the outp...

From 2023-11-17 20:03:03

0

1

290

Call to undefined function create_function() I get this message on the home page of the website: Fatal error: Uncaught error: calling /...

From 2023-11-16 19:00:36

0

1

277

<?php //Given a year, month and day, output the day of the year that the date is (note that leap year 4 100 400) <?php //Given a year, month and day, output the day of the year that the date is (no...

From 2023-11-14 23:55:21

0

1

79

PHP trim unicode spaces I'm trying to trim unicode spaces such as this character and I was able to do it using thi...

From 2023-11-13 08:49:45

0

2

398

TYPO3 V11: "PHP warning: undefined array key", $this->request->getArguments() is empty I'm a new user of typo3, I made a plugin to show users and use the search bar to filter th...

From 2023-11-12 21:35:09

0

1

362

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template

About us Disclaimer Sitemap: php.cn：Public welfare online PHP training，Help PHP learners grow quickly！