POST可以进行SQL注入吗？ [英] Is SQL Injection possible with POST?

问题描述

如果通过GET传递参数，则可以进行Sql注入。但也可以通过POST。如果是，https可以阻止吗？

Sql Injection is possible if parameters are passed via GET. But is it possible via POST also. If yes, can https prevent it?

推荐答案

是的，可以使用 $ _ POST 以及 $ _ GET ， $ _ COOKIE 和 $ _ REQUEST 。 HTTPS根本不会保护您。您必须使用某些功能来保护您，例如 mysql_real_escape_string 或使用准备好的陈述。

Yes, it's possible with $_POST as well as with $_GET, $_COOKIE and $_REQUEST. HTTPS will not protect you at all. You have to use some function to protect you, for example mysql_real_escape_string or use prepared statements.

所有沟通应从Web浏览器处理为不受信任。您不能信任的其他技术是 Ajax ，文件上传和 JavaScript表格验证（等等）。所有这些数据都直接来自网络浏览器，在您过滤或验证数据之前不应该信任。

All communication from the web browser should be handled as "untrusted". Other techniques you can't trust is Ajax, file uploads and JavaScript form validations (among others). All these data come directly from the web browser and should not be trusted before you have filtered them or validated the data.

唯一值得信赖的是 $ _ SESSION ，前提是您只将经验证的数据放入 $ _ SESSION 变量。

The only thing you can trust is $_SESSION, provided that you ONLY put in validated data into your $_SESSION variables.

这篇关于POST可以进行SQL注入吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！