How to intercept numeric SQL injection? Is it valid to verify if it is a number?
顾及
顾及 2020-05-05 20:19:27
0
1
1115

Test that adding single and double quotation marks to the sql query can still cause sql injection.

As the title states, can SQL injection be intercepted assuming that the verification parameter is a number?

if (!is_numeric($id)) {
exit('非法'); 
        }

SQL injection is no longer possible in such verification tests, but is this absolutely safe?

Xiaobai asks for help.

顾及
顾及

reply all(1)
路边的小蚂蚁i

Use the framework's sql statement encapsulation method. The framework will prevent you from sql injection. When you have enough knowledge and experience, you can study these

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template