What is a parameterized query?

攒了一身酷 2020-11-21 11:12

What is a parameterized query, and what would an example of such a query be in PHP and MySQL?

4 answers
  •  一个人的身影
    2020-11-21 11:59

    This is a clear and succinct explanation of what it is, and how it works: "How and Why to use Parameterization"

    Essentially, the process involves the server preprocessing the request without parameters so it knows the type of query it is. So, for example, a SELECT query is only a SELECT query, and cannot be concatenated by a parameter (request variable) to be a SELECT / DROP or some other MySQL injection. Instead, the injection data will be just string data in the parameter field.
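
An added example (not part of the answer above) showing in PHP with PDO the behaviour the answer describes: the same request value run through a concatenated query and through a parameterized one. The `users` table, the function names and the sample input are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example. SQLite in memory is an assumption made so this runs offline.
// For MySQL, swap the DSN for something like
// 'mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4' (placeholders) and add
// PDO::ATTR_EMULATE_PREPARES => false so the MySQL server prepares the statement.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed request variable that tries to rewrite the WHERE clause.
$input = "nobody' OR '1'='1";

// Before: the value is concatenated into the SQL text, so its quote ends the
// string literal and the rest is parsed as SQL. The query's shape changes.
function findByNameConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll();
}

// After: the statement is prepared with a placeholder first, so the database
// already knows it is a single SELECT with one comparison. The value is sent
// separately at execute() and is only ever compared as string data.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

// The concatenated form matches every row; the parameterized form looks for a
// user literally named "nobody' OR '1'='1" and finds none.
printf("concatenated:  %d row(s)\n", count(findByNameConcatenated($pdo, $input)));
printf("parameterized: %d row(s)\n", count(findByName($pdo, $input)));
printf("parameterized, legitimate name: %d row(s)\n", count(findByName($pdo, 'alice')));
```

Placeholders can only stand for values. Table names, column names and keywords such as `ORDER BY` direction cannot be bound and need an allow-list instead.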
