就SQL注入而言,这安全吗? [英] is this safe in terms of SQL injection?
本文介绍了就SQL注入而言,这安全吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
目前越来越多地使用MySQL.这是我不太担心的事情,但是我现在想用它编写一些脚本.
Currently getting more and more into MySQL. It's something i haven't been too fussed about but i want to write some scripts with it now.
我的问题很简单,我正在制作一个搜索脚本,只是想知道我的php代码是否可以防止某些SQL注入.
My question is simple, im making a search script and just want to know if my php code can prevent some SQL injections.. the code:
$orig = $_POST['term'];
$term = mysql_real_escape_string($orig);
$sql = mysql_query("select * from db1 where content like '%$term%' ");
可以吗?或者,如果有人有更轻松/更好/更安全的方式来做这件事,我很乐意让我知道.
Is this ok? Alternatively if anyone has an easier/better/safer way of doing this plese feel inclined to let me know.
推荐答案
为避免在未设置$_POST['term']
的情况下发出警告,
To avoid warnings in case $_POST['term']
isn't set:
if (isset($_POST['term'])) {
$term = mysql_real_escape_string($_POST['term']);
$sql = mysql_query("select * from db1 where content like '%$term%' ");
// rest of sql query
}
这篇关于就SQL注入而言,这安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文