PHP保护GET参数 [英] PHP protection of GET parameters

问题描述

确定考虑这个网址：

OK consider this url:

example.com/single.php?id=21424

这对你和我来说很明显，PHP将采用id并通过mysql查询运行它以检索1条记录到将它显示在页面上。

It's pretty obvious to you and i that the PHP is going to take the id and run it through a mysql query to retrieve 1 record to display it on the page.

反正有些恶意黑客可能会把这个URL搞乱并对我的应用程序/ mysql数据库造成安全威胁？

Is there anyway some malicious hacker could mess this url up and pose a security threat to my application/mysql DB?

Thanks

Thanks

推荐答案

当然，永远不会考虑用户条目（_GET，_POST， _COOKIE等）安全。

Of course, never ever ever consider a user entry (_GET, _POST, _COOKIE, etc) as safe.

使用mysql_real_escape_string php函数来清理变量： http://php.net/manual/en/function.mysql-real-escape-string.php

Use mysql_real_escape_string php function to sanitize your variables: http://php.net/manual/en/function.mysql-real-escape-string.php

关于SQL注入： http://en.wikipedia.org/wiki / SQL_injection

这篇关于PHP保护GET参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！