PHP protection of GET parameters

故里飘歌 2020-12-10 15:34

OK consider this url:

example.com/single.php?id=21424

It's pretty obvious to you and I that the PHP is going to take the id and run it thr

3 answers
  • 2020-12-10 16:12

    Of course, never ever ever consider a user entry (_GET, _POST, _COOKIE, etc) as safe.

    Use mysql_real_escape_string php function to sanitize your variables: http://php.net/manual/en/function.mysql-real-escape-string.php

    About SQL injections : http://en.wikipedia.org/wiki/SQL_injection

  • 2020-12-10 16:14

    Well, there is SQL injection: http://en.wikipedia.org/wiki/SQL_injection

  • 2020-12-10 16:17

    All depends on the filtering you explicitly (with filter_var() for instance) or implicitly (by using prepared statements for instance) use.
