Article Topic Learning Download Q&A Programming Dictionary Game Recent Updates

简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)

Home > Backend Development > PHP Tutorial > body text

php 参数化查询

WBOY

Release： 2016-06-20 12:54:06

Original

1848 people have browsed it

在学习注入时，MetInfo cms中出现一个注入点，我寻到源代码：

$show = $db->get_one("SELECT * FROM $met_column WHERE id=$id and module=1");

Copy after login

不懂php，看到这个，就误以为这是参数化。参数化不是可以防注入么，怎么还会有注入点呢。

后面深入了解发现。所谓的参数话查询，不是指程序层面的参数话，而是指数据库接口的参数化。形式：

fetch_one('select * from user where name=?', @name)

Copy after login

对于php采用了参数查询后，是能做到防注入的。

可以了解的php参数化查询资料

使用参数化查询防止SQL注入
PHP 中使用参数化查询

Related labels：

php 参数化查询

source：php.cn

Previous article：Skype 在线图标地址 Next article：在PHP中对象真的是按引用传递的吗

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

What is a NullPointerException, and how do I fix it?

2024-10-22 09:46:29
From Novice to Coder: Your Journey Begins with C Fundamentals

2024-10-13 13:53:41
Unlocking Web Development with PHP: A Beginner's Guide

2024-10-12 12:15:51
Demystifying C: A Clear and Simple Path for New Programmers

2024-10-11 22:47:31
Unlock Your Coding Potential: C Programming for Absolute Beginners

2024-10-11 19:36:51
Unleash Your Inner Programmer: C for Absolute Beginners

2024-10-11 15:50:41
Automate Your Life with C: Scripts and Tools for Beginners

2024-10-11 15:07:41
PHP Made Easy: Your First Steps in Web Development

2024-10-11 14:21:21
Build Anything with Python: A Beginner's Guide to Unleashing Your Creativity

2024-10-11 12:59:11
The Key to Coding: Unlocking the Power of Python for Beginners

2024-10-11 12:17:31

Latest Issues

Add the Endpoint _header attribute to the JSON response object I'm testing pulling data from a remote endpoint service (npoint.io). When I get back the r...

From 2024-04-05 10:35:39

0

1

1376

Using PHP, can I put a foreach statement into a transient? I'm working in WP using PHP and trying to reduce the load time of a function that fetches ...

From 2024-04-03 17:12:43

0

2

330

PHP question: Problem converting pdo column value to string Essentially, I'm using pdo to run the following query and format the results into JSON. Th...

From 2024-04-03 00:18:38

0

1

412

Possible revision title: "PHP SQL database update query issue: Index is not defined and data is not updated?" I'm having trouble updating the database. I think the error is in the update query itself,...

From 2024-04-02 18:46:20

0

1

436

PHP query update data This is the error I get: Updated question SETsituacao='Concluido'WHEREid=?SQLSTATE[42000]:...

From 2024-04-01 13:41:23

0

1

382

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template

About us Disclaimer Sitemap: php.cn：Public welfare online PHP training，Help PHP learners grow quickly！