基本的SQL注入? [英] Basic SQL Injections?

问题描述

在一个上一个问题中，我被告知我的查询容易被执行SQL注入.

I was told in a previous question that my query is prone to SQL injections.

get_stats = mysql_query("SELECT * 
                               FROM visitors 
                              WHERE site='$_GET[site]' 
                                AND date BETWEEN '$start_date' AND '$end_date' ");

解决此问题的最简单方法是什么?您还可以进一步了解注射剂吗? (我可能会在Google上错过的东西).谢谢！

What would be the easiest way to approach this problem? And do you have some further reading on the subject of injections? (something that I might miss on Google). Thanks!

推荐答案

使用准备的语句.

在大多数情况下，Prepared Statements可以安全地将查询与参数组合在一起.

In most cases, Prepared Statements do the job of combining your query with your parameters, in a safe manner.

这篇关于基本的SQL注入?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！