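I have read a lot about SQL injection, and I understand how it can cause problems (i.e. DROP TABLE __ etc.). But I'm not sure how the tutorial I followed actually prevents this from happening. I'm just learning PDO, and I think I understand it.
Is this code safe from SQL injection? And why? (Using these prepared statements takes quite a bit more work, so I want to be sure I'm not just wasting my time. If the code can be improved, please let me know!)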
// The PDO driver prefix in the DSN must be lowercase "mysql"
$conn = new PDO("mysql:host=$DB_HOST;dbname=$DB_DATABASE", $DB_USER, $DB_PASSWORD);

// Get the data
$firstname = $_POST["v_firstname"];
$lastname = $_POST["v_lastname"];
$origincountry = $_POST["v_origincountry"];
$citizenship = $_POST["v_citizenship"];
$gender = $_POST["v_gender"];
$dob = $_POST["v_dob"];
$language = $_POST["v_language"];
$landing = $_POST["v_landing"];
$email = $_POST["v_email"];
$phone = $_POST["v_phone"];
$cellphone = $_POST["v_cellphone"];
$caddress = $_POST["v_caddress"];
$paddress = $_POST["v_paddress"];
$school = $_POST["v_school"];
$grade = $_POST["v_grade"];
$smoker = $_POST["v_smoker"];
$referred = $_POST["v_referred"];
$notes = $_POST["v_notes"];

// Insert data: the SQL text contains only named placeholders, never the values themselves
$sql = "INSERT INTO clients (firstname,lastname,origincountry,citizenship,gender,dob,language,landing,email,phone,cellphone,caddress,paddress,school,grade,smoker,referred,notes)
        VALUES (:firstname,:lastname,:origincountry,:citizenship,:gender,:dob,:language,:landing,:email,:phone,:cellphone,:caddress,:paddress,:school,:grade,:smoker,:referred,:notes)";
$q = $conn->prepare($sql);

// The values are bound to the placeholders at execution time
$q->execute(array(
    ':firstname' => $firstname, ':lastname' => $lastname,
    ':origincountry' => $origincountry, ':citizenship' => $citizenship,
    ':gender' => $gender, ':dob' => $dob,
    ':language' => $language, ':landing' => $landing,
    ':email' => $email, ':phone' => $phone,
    ':cellphone' => $cellphone, ':caddress' => $caddress,
    ':paddress' => $paddress, ':school' => $school,
    ':grade' => $grade, ':smoker' => $smoker,
    ':referred' => $referred, ':notes' => $notes
));
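
An added example, not part of the original post, that contrasts string concatenation with the prepare/execute pattern used in the question. The concatenated insert stores two rows from one form submission, while the prepared insert stores one row whose last name is the literal input string. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with a two-column `clients` table so it runs offline; the helper function names and the form values are constructed for illustration.

```php
<?php
// Added example: constructed input, in-memory SQLite so it runs offline
// (assumes pdo_sqlite; the question's own code targets MySQL).
function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE clients (firstname TEXT, lastname TEXT)');
    return $db;
}

// Unsafe: user input is pasted into the SQL text, so quotes in it become syntax.
function insertConcatenated(PDO $db, string $first, string $last): void {
    $db->exec("INSERT INTO clients (firstname, lastname) VALUES ('$first', '$last')");
}

// Safe: same pattern as the question; values travel separately from the SQL text.
function insertPrepared(PDO $db, string $first, string $last): void {
    $q = $db->prepare(
        'INSERT INTO clients (firstname, lastname) VALUES (:firstname, :lastname)'
    );
    $q->execute([':firstname' => $first, ':lastname' => $last]);
}

function rows(PDO $db): array {
    return $db->query('SELECT firstname, lastname FROM clients')
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form input: the last name closes the value list and opens a second one.
$first = 'Alice';
$last  = "Smith'), ('extra', 'row";

// Concatenation: the input rewrites the statement's structure.
$a = freshDb();
insertConcatenated($a, $first, $last);
echo "concatenated: ", count(rows($a)), " row(s)\n";
print_r(rows($a));

// Prepared statement: the input can only ever be a column value.
$b = freshDb();
insertPrepared($b, $first, $last);
echo "prepared: ", count(rows($b)), " row(s)\n";
print_r(rows($b));
```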
Solution