Simple analysis of preventing sql injection in php, phpsql injection_PHP tutorial

A simple analysis of php to prevent sql injection, phpsql injection

This article analyzes a simple method of php to prevent sql injection. Share it with everyone for your reference. The details are as follows:

Here is just a simple method

There are many ways to prevent Sql injection. What I want to talk about here is actually one of the methods in the vulnerability drill platform Dvwa

Just look at the high level ones

$id = $_GET['id']; 
$id = stripslashes($id); 
$id = mysql_real_escape_string($id); 
if (is_numeric($id)){
$getid = "SELECT first_name,last_name FROM users WHERE user_id='$id'";
$result = mysql_query($getid) or die('<pre>'.mysql_error().'</pre>');
$num = mysql_numrows($result);

It can be seen that the way it is processed is to first remove the backslashes in the variable through the stripslashes function,
Then use the function mysql_real_escape_string to escape special characters.
So when we write code like

$getid="SELECT first_name,last_name FROM users WHERE user_id='$id'";

Our simplest method is

Directly process the variable $id with stripslashes and mysql_real_escape_string.

Note: This is not to say that this is safe. This is just one of the methods. I am not saying that this is safe. More needs to be dealt with based on the actual situation.

I hope this article will be helpful to everyone’s PHP programming design.

http://www.bkjia.com/PHPjc/969494.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/969494.htmlTechArticleA simple analysis of php to prevent sql injection, phpsql injection This article analyzes the simple method of php to prevent sql injection. Share it with everyone for your reference. The details are as follows: Here is just a simple method...