PHP和安全的MySQL注入 [英] PHP and secure MySQL injections
问题描述
我在网上搜索后一直在进行搜索阅读
关于使用PHP保证PHP安全的所有主题。那里有很多
,并且没有很多具体的例子说明你应该如何专门使用
合并安全代码。
但是我确实阅读了mysql_escape_string函数并且想知道......是
我真的需要用它来阻止攻击者从网络表单访问我的数据库
?
我也看到了以下用途:
$ query = preg_replace(" /; /","" ;,$ query);
:让攻击者不要将不需要的分号投入到
查询语句中。
除了验证我的变量(我已经开始使用了b / b
养成做的习惯)之外,以上内容是否涵盖我的安全性
需要MySQL注入?
--Matt
I''ve been performing search after search all over the internet reading
up on all topics about making PHP secure with MySQL. There''s a lot out
there and not many concrete examples on how you should specifically
incorporate secure code.
But I did read up on the mysql_escape_string function and wonder...is
this all I really need to use to keep attackers from trying to access
my database from a web form?
I''ve also seen uses of:
$query=preg_replace("/;/"," ",$query);
:to keep attackers from throwing in unwanted semi-colons into the
query statement.
With the exception of validating my variables (which I''ve started
getting into the habit of doing), does the above cover my security
needs for MySQL injections?
--Matt
推荐答案
query = preg_replace(" /; /" ,",
query=preg_replace("/;/"," ",
查询);
:阻止攻击者将不需要的分号扔进
查询语句。
除了验证我的变量(我已经开始了)
养成做的习惯,以上是否涵盖了我的安全性?
需要进行MySQL注射?
--Matt
query);
:to keep attackers from throwing in unwanted semi-colons into the
query statement.
With the exception of validating my variables (which I''ve started
getting into the habit of doing), does the above cover my security
needs for MySQL injections?
--Matt
Matthew Sims写道:
Matthew Sims wrote:
我一直在网上搜索后进行搜索阅读
关于制作的所有话题PHP使用MySQL安全。那里有很多内容,并没有很多具体的例子说明你应该如何明确地使用安全代码。
但我确实读了mysql_escape_string函数并且想知道.. 。这是我真的需要用来阻止攻击者从网络表单访问我的数据库吗?
我也看到了以下用途: />
I''ve been performing search after search all over the internet reading
up on all topics about making PHP secure with MySQL. There''s a lot out
there and not many concrete examples on how you should specifically
incorporate secure code.
But I did read up on the mysql_escape_string function and wonder...is
this all I really need to use to keep attackers from trying to access
my database from a web form?
I''ve also seen uses of:
这篇关于PHP和安全的MySQL注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
