脚本宝典收集整理的这篇文章主要介绍了php – 不太了解SQL注入,脚本宝典觉得挺不错的,现在分享给大家,也给大家做个参考。
这段代码是否可以安全地从sql注入?为什么呢? (使用这些准备好的语句需要花费更多的工作,所以我想确保我不仅浪费时间 – 如果代码可以改进,请告诉我!)
$conn = new PDO("MysqL:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
// Get the data
$Firstname = $_POST["v_firstname"];
$lastname = $_POST["v_lastname"];
$origincountry = $_POST["v_origincountry"];
$cITizenship = $_POST["v_citizenship"];
$gender = $_POST["v_gender"];
$dob = $_POST["v_dob"];
$language = $_POST["v_language"];
$landing = $_POST["v_landing"];
$email = $_POST["v_email"];
$phone = $_POST["v_phone"];
$cellphone = $_POST["v_cellphone"];
$CADdress = $_POST["v_caddress"];
$paddress = $_POST["v_paddress"];
$school = $_POST["v_school"];
$grade = $_POST["v_grade"];
$smoker = $_POST["v_smoker"];
$referred = $_POST["v_referred"];
$notes = $_POST["v_notes"];
//Insert Data
$sql = "INSERT INTO clients (firstname,lastname,origincountry,citizenship,gender,dob,language,landing,email,phone,cellphone,caddress,paddress,school,grade,smoker,referred,notes)
VALUES (:firstname,:lastname,:origincountry,:citizenship,:gender,:dob,:language,:landing,:email,:phone,:cellphone,:caddress,:paddress,:school,:grade,:smoker,:referred,:notes)";
$q = $conn->PRepare($sql);
$q->execute(array(':firstname'=>$firstname,':lastname'=>$lastname,':origincountry'=>$origincountry,':citizenship'=>$citizenship,':gender'=>$gender,':dob'=>$dob,':language'=>$language,':landing'=>$landing,':email'=>$email,':phone'=>$phone,':cellphone'=>$cellphone,':caddress'=>$caddress,':paddress'=>$paddress,':school'=>$school,':grade'=>$grade,':smoker'=>$smoker,':referred'=>$referred,':notes'=>$notes));
以上是脚本宝典为你收集整理的php – 不太了解SQL注入全部内容,希望文章能够帮你解决php – 不太了解SQL注入所遇到的问题。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。