Home > php教程 > php手册 > body text

基础php mysql 防止sql攻击注入的办法

WBOY
Release: 2016-05-25 16:40:56
Original
1214 people have browsed it

我们利用了php自带的Magic Quotes来判断是否是开启了,如果是就stripslashes否则就用mysql_real_escape_string来过滤,实例代码如下:

//如果Magic Quotes功用启用
if (get_magic_quotes_gpc()) {  
    $name = stripslashes($name);  
}else{  
    $name = mysql_real_escape_string($name);  
} 
mysql_query("SELECT * FROM users WHERE name='{$name}'");
Copy after login

注:mysql_real_escape_string函数要等到mysql数据库连接成功才有效.                                        


本文链接:

收藏随意^^请保留教程地址.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Recommendations
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template