使用刀片防止DB裂纹。 [英] Preventing DB crahses with inserts.
本文介绍了使用刀片防止DB裂纹。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
是否有在数据库中安全插入字符串的功能?
确保用户无法通过任何内容会导致错误或者不需要的
行为/黑客行为?
html函数只能确保没有特殊字符。
用一些特殊的单词替换单词WHERE / SELECT / UPDATE / DELETE
如{W} HERE / {S} ELECT等更安全吗?
非常感谢
Sims
Hi,
Is there a function to insert a string safely in the DB?
To ensure that nothing the user can pass will cause an errors or unwanted
behaviour/hacking?
The html function(s) only ensure that there are not special characters.
Would replacing the words WHERE/SELECT/UPDATE/DELETE with some special words
like {W}HERE/{S}ELECT etc be safer?
Many thanks
Sims
推荐答案
Sims写道:
Sims wrote:
你好,
是否有一个函数可以安全地在数据库中插入字符串?
确保用户无法通过任何内容会导致错误或不必要的行为/黑客行为?
html函数只能确保没有特殊字符。
用一些特殊的单词替换单词WHERE / SELECT / UPDATE / DELETE
如{W} HERE / {S} ELECT等更安全吗?
Hi,
Is there a function to insert a string safely in the DB?
To ensure that nothing the user can pass will cause an errors or unwanted
behaviour/hacking?
The html function(s) only ensure that there are not special characters.
Would replacing the words WHERE/SELECT/UPDATE/DELETE with some special words
like {W}HERE/{S}ELECT etc be safer?
mysql_escape_string(
mysql_escape_string(
rawstring)
rawstring)
> >
html函数只确保没有特殊字符。
将WHERE / SELECT / UPDATE / DELETE替换为一些单词特殊的
像{W} HERE / {S} ELECT等更安全?
The html function(s) only ensure that there are not special characters.
Would replacing the words WHERE/SELECT/UPDATE/DELETE with some special words like {W}HERE/{S}ELECT etc be safer?
mysql_escape_string(
mysql_escape_string(
这篇关于使用刀片防止DB裂纹。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
