Two simple ways to prevent SQL injection attacks and XSS attacks in PHP

WBOY
Release: 2016-07-29 08:42:21

mysql_real_escape_string()
So if the SQL statement is written like this: "select * from cdr where src = ".$userId; the value must first be escaped: $userId = mysql_real_escape_string($userId);
All statements that print output, such as echo and print, should filter the value with htmlentities() before printing to prevent XSS. Note that for Chinese text it must be written as htmlentities($name, ENT_NOQUOTES, 'GB2312').
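
The same two defences as an added example, not code from the original article: mysql_real_escape_string() was removed in PHP 7.0, so a PDO prepared statement is swapped in for the escaping step, and the output helper uses ENT_QUOTES so the result is also safe inside attribute values. The function names findCallsUnsafe(), findCalls() and e(), the table rows, the inputs, the UTF-8 default and the in-memory SQLite database (pdo_sqlite) are assumptions made for the example.

```php
<?php
// Added example (not from the original article). Table contents and inputs are
// constructed; in-memory SQLite via PDO stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE cdr (src TEXT, dst TEXT)");
$pdo->exec("INSERT INTO cdr VALUES ('1001', '2001'), ('1002', '2002')");

// Before: the article's query shape, value concatenated without quotes.
function findCallsUnsafe(PDO $pdo, string $userId): array {
    return $pdo->query("select * from cdr where src = " . $userId)
               ->fetchAll(PDO::FETCH_ASSOC);
}

// After: the value is bound as a parameter and is never parsed as SQL.
function findCalls(PDO $pdo, string $userId): array {
    $stmt = $pdo->prepare("select * from cdr where src = :src");
    $stmt->execute([':src' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for HTML. ENT_QUOTES also encodes ' and ", which
// ENT_NOQUOTES leaves as-is; the charset must match the page's encoding.
function e(string $value, string $charset = 'UTF-8'): string {
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}

// Constructed input with no quote characters: quote-escaping would not alter
// it, yet in the unquoted query it changes the WHERE clause.
$hostile = '1001 OR 1=1';
printf("unsafe, hostile input: %d rows\n", count(findCallsUnsafe($pdo, $hostile)));
printf("bound,  hostile input: %d rows\n", count(findCalls($pdo, $hostile)));
printf("bound,  normal input:  %d rows\n", count(findCalls($pdo, '1001')));

// Constructed value that tries to break out of an attribute.
$name = '" onmouseover="alert(1)';
echo '<input value="' . e($name) . '">', "\n";
```

For a GB2312 page, pass 'GB2312' as the second argument of e() so the charset matches the document encoding.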

The above introduces two simple methods to prevent SQL injection and XSS attacks in PHP. I hope it will be helpful to friends who are interested in PHP tutorials.

source:php.cn