我已经阅读了很多关于sql注入的内容,我理解它是如何导致问题的(即:DROP TABLE __ etc).但我不确定我所遵循的教程实际上是如何防止这种情况发生的.我只是在学习PDO,我想我理解它.
这段代码是否可以安全地从sql注入?为什么呢? (使用这些准备好的语句需要花费更多的工作,所以我想确保我不仅浪费时间 – 如果代码可以改进,请告诉我!)
$conn = new PDO("MysqL:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
// Get the data
$firstname = $_POST["v_firstname"];
$lastname = $_POST["v_lastname"];
$origincountry = $_POST["v_origincountry"];
$citizenship = $_POST["v_citizenship"];
$gender = $_POST["v_gender"];
$dob = $_POST["v_dob"];
$language = $_POST["v_language"];
$landing = $_POST["v_landing"];
$email = $_POST["v_email"];
$phone = $_POST["v_phone"];
$cellphone = $_POST["v_cellphone"];
$caddress = $_POST["v_caddress"];
$paddress = $_POST["v_paddress"];
$school = $_POST["v_school"];
$grade = $_POST["v_grade"];
$smoker = $_POST["v_smoker"];
$referred = $_POST["v_referred"];
$notes = $_POST["v_notes"];
//Insert Data
$sql = "INSERT INTO clients (firstname,lastname,origincountry,citizenship,gender,dob,language,landing,email,phone,cellphone,caddress,paddress,school,grade,smoker,referred,notes)
VALUES (:firstname,:lastname,:origincountry,:citizenship,:gender,:dob,:language,:landing,:email,:phone,:cellphone,:caddress,:paddress,:school,:grade,:smoker,:referred,:notes)";
$q = $conn->prepare($sql);
$q->execute(array(':firstname'=>$firstname,':lastname'=>$lastname,':origincountry'=>$origincountry,':citizenship'=>$citizenship,':gender'=>$gender,':dob'=>$dob,':language'=>$language,':landing'=>$landing,':email'=>$email,':phone'=>$phone,':cellphone'=>$cellphone,':caddress'=>$caddress,':paddress'=>$paddress,':school'=>$school,':grade'=>$grade,':smoker'=>$smoker,':referred'=>$referred,':notes'=>$notes));
解决方法
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
