PHP 防止 SQL Injection

Sam Tang

11 years ago

PHP 要预防 SQL Injection, 可以用 PHP 内建功能实现, 下面分别是 PDO 及 MySQLi 预防方法:

PDO:

$sql = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$sql->execute(array('username' => $username));

foreach ($sql as $row) {
    // do something with $row
}

$sql = $pdo->prepare('SELECT * FROM users WHERE username = :username');

$sql->execute(array('username' => $username));

foreach ($sql as $row) {

// do something with $row

}

MySQLi:

$sql = $dbConnection->prepare('SELECT * FROM users WHERE username = ?');
$sql->bind_param('s', $username);

$sql->execute();

$result = $sql->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}

$sql = $dbConnection->prepare('SELECT * FROM users WHERE username = ?');

$sql->bind_param('s', $username);

$sql->execute();

$result = $sql->get_result();

while ($row = $result->fetch_assoc()) {

// do something with $row

}

你可能感兴趣的内容

Ubuntu 24.04 安装 PHP 8.4
Rocky Linux 安装 LEMP – Nginx, MariaDB, PHP
Rocky Linux 安装 LAMP – Apache, MariaDB, PHP
Whatsapp API 换行
Rocky Linux 安装 Apache, PHP, MariaDB (LAMP)
RHEL / Rocky Linux 8 安装多个 PHP 版本
PHP 解决 HTML contains invalid UTF-8 character(s) 错误
RHEL / CentOS 安装 ImageMagick 及 PHP 模组