发表新帖
发表新帖

How to create a secure mysql prepared statement in php?

前端 未结
关注
6 473
夕颜
夕颜 2020-11-22 03:29

I am new to using prepared statements in mysql with php. I need some help creating a prepared statement to retrieve columns.

I need to get information from different

6条回答
  • -上瘾入骨i
    -上瘾入骨i (楼主)
    2020-11-22 03:56

    Security with MySQL in PHP (or any other language for that matter) is a largely discussed issue. Here are a few places for you to pick up some great tips:

    • http://webmaster-forums.code-head.com/showthread.php?t=939
    • http://www.sitepoint.com/article/php-security-blunders/
    • http://dev.mysql.com/tech-resources/articles/guide-to-php-security.html
    • http://www.scribd.com/doc/17638718/Module-11-PHP-MySQL-Database-Security-16

    The two most major items in my opinion are:

    • SQL Injection: Be sure to escape all of your query variables with PHP's mysql_real_escape_string() function (or something similar).
    • Input Validation: Never trust the user's input. See this for a tutorial on how to properly sanitize and validation your inputs.

    0 讨论(0)
 看不清?
提交回复
热议问题