Test that adding single and double quotation marks to the sql query can still cause sql injection.
As the title states, can SQL injection be intercepted assuming that the verification parameter is a number?
if (!is_numeric($id)) { exit('非法'); }
SQL injection is no longer possible in such verification tests, but is this absolutely safe?
Xiaobai asks for help.
Use the framework's sql statement encapsulation method. The framework will prevent you from sql injection. When you have enough knowledge and experience, you can study these