脚本宝典收集整理的这篇文章主要介绍了php – 不太了解SQL注入,脚本宝典觉得挺不错的,现在分享给大家,也给大家做个参考。
这段代码是否可以安全地从sql注入?为什么呢? (使用这些准备好的语句需要花费更多的工作,所以我想确保我不仅浪费时间 – 如果代码可以改进,请告诉我!)
$conn = new PDO("MysqL:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD); // Get the data $Firstname = $_POST["v_firstname"]; $lastname = $_POST["v_lastname"]; $origincountry = $_POST["v_origincountry"]; $cITizenship = $_POST["v_citizenship"]; $gender = $_POST["v_gender"]; $dob = $_POST["v_dob"]; $language = $_POST["v_language"]; $landing = $_POST["v_landing"]; $email = $_POST["v_email"]; $phone = $_POST["v_phone"]; $cellphone = $_POST["v_cellphone"]; $CADdress = $_POST["v_caddress"]; $paddress = $_POST["v_paddress"]; $school = $_POST["v_school"]; $grade = $_POST["v_grade"]; $smoker = $_POST["v_smoker"]; $referred = $_POST["v_referred"]; $notes = $_POST["v_notes"]; //Insert Data $sql = "INSERT INTO clients (firstname,lastname,origincountry,citizenship,gender,dob,language,landing,email,phone,cellphone,caddress,paddress,school,grade,smoker,referred,notes) VALUES (:firstname,:lastname,:origincountry,:citizenship,:gender,:dob,:language,:landing,:email,:phone,:cellphone,:caddress,:paddress,:school,:grade,:smoker,:referred,:notes)"; $q = $conn->PRepare($sql); $q->execute(array(':firstname'=>$firstname,':lastname'=>$lastname,':origincountry'=>$origincountry,':citizenship'=>$citizenship,':gender'=>$gender,':dob'=>$dob,':language'=>$language,':landing'=>$landing,':email'=>$email,':phone'=>$phone,':cellphone'=>$cellphone,':caddress'=>$caddress,':paddress'=>$paddress,':school'=>$school,':grade'=>$grade,':smoker'=>$smoker,':referred'=>$referred,':notes'=>$notes));
以上是脚本宝典为你收集整理的php – 不太了解SQL注入全部内容,希望文章能够帮你解决php – 不太了解SQL注入所遇到的问题。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。