Community

Learn

Tools Library

AI Tools

Leisure

English

Home > Database > Mysql Tutorial > PHP MYSQL注入攻击需要预防7个要点_MySQL

PHP MYSQL注入攻击需要预防7个要点_MySQL

WBOY

Release： 2016-06-01 13:25:55

Original

881 people have browsed it

bitsCN.com

1：数字型参数使用类似intval，floatval这样的方法强制过滤。

2：字符串型参数使用类似mysql_real_escape_string这样的方法强制过滤，而不是简单的addslashes。

3：最好抛弃mysql_query这样的拼接SQL查询方式，尽可能使用PDO的prepare绑定方式。

4：使用rewrite技术隐藏真实脚本及参数的信息，通过rewrite正则也能过滤可疑的参数。

5：关闭错误提示，不给攻击者提供敏感信息：display_errors=off。

6：以日志的方式记录错误信息：log_errors=on和error_log=filename，定期排查，Web日志最好也查。

7：不要用具有FILE权限的账号（比如root）连接MySQL，这样就屏蔽了load_file等危险函数。

bitsCN.com

Related labels：

string Splicing most inquiry mode

source：php.cn

Previous article：MySQL函数讲解(MySQL函数大全)_MySQL Next article：mysql实现本地keyvalue数据库缓存示例_MySQL

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

What is a NullPointerException, and how do I fix it?

2024-10-22 09:46:29
From Novice to Coder: Your Journey Begins with C Fundamentals

2024-10-13 13:53:41
Unlocking Web Development with PHP: A Beginner's Guide

2024-10-12 12:15:51
Demystifying C: A Clear and Simple Path for New Programmers

2024-10-11 22:47:31
Unlock Your Coding Potential: C Programming for Absolute Beginners

2024-10-11 19:36:51
Unleash Your Inner Programmer: C for Absolute Beginners

2024-10-11 15:50:41
Automate Your Life with C: Scripts and Tools for Beginners

2024-10-11 15:07:41
PHP Made Easy: Your First Steps in Web Development

2024-10-11 14:21:21
Build Anything with Python: A Beginner's Guide to Unleashing Your Creativity

2024-10-11 12:59:11
The Key to Coding: Unlocking the Power of Python for Beginners

2024-10-11 12:17:31

Latest Issues

The query and formula form the entire table, with new columns, where the new columns are formulas involving other conditional column values EDIT: The formula should be the "value" column - the "value" column wi...

From 2024-04-06 21:23:40

0

2

530

Calculate the sum of fields in another table using MySQL SQL query I have a schema like this: User table with attributes "user_id" and "userna...

From 2024-04-06 19:39:29

0

1

441

MySQL: "Select text from... as <variable here or subquery>" I have the following table with the following data: id text language 1 german text german ...

From 2024-04-06 19:25:54

0

2

529

What are the best practices for displaying version information in web applications? I'm developing a web application. What are the best practices for displaying version infor...

From 2024-04-06 19:13:16

0

2

476

How to group and count in MySQL? I'm trying to write a query that extracts the total number of undeleted messages sent to f...

From 2024-04-06 18:30:17

0

1

353

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template