当前位置: 首页 » php

preventing sql injection in php

This question already has an answer here: How can I prevent SQL injection in PHP? 28 answers There is extensive information through simple Google searches that can guide you in the right direction. To start though: DON'T USE MYSQL_* FUNCTIONS These are deprecated and will generate warnings. They are not even remotely good practice for modern web development. USE A DATABASE LIBRARY

2018-05-29 21:55:31

防止在PHP中的SQL注入

这个问题在这里已经有了答案: 我如何防止PHP中的SQL注入? 28个答案 通过简单的Google搜索就可以获得丰富的信息,可以引导您朝着正确的方向发展。 开始虽然: 不要使用MYSQL_ *函数这些已被弃用,并会产生警告。 他们甚至不是现代Web开发的良好实践。 像使用PDO或MySQLi一样使用数据库库 。 有很多教程可以帮助您入门,最重要的是这些库为您处理SQL注入 。 所以用它们!

2018-05-29 21:55:31

How to prevent SQL injection, php

This question already has an answer here: How can I prevent SQL injection in PHP? 28 answers 这是PHP的官方文档 。

2018-05-29 21:54:29

如何防止SQL注入,PHP

这个问题在这里已经有了答案: 我如何防止PHP中的SQL注入? 28个答案 这是PHP的官方文档 。

2018-05-29 21:54:29

Are PDO prepared statements sufficient to prevent SQL injection?

Let's say I have code like this: $dbh = new PDO("blahblah"); $stmt = $dbh->prepare('SELECT * FROM users where username = :username'); $stmt->execute( array(':username' => $_REQUEST['username']) ); The PDO documentation says: The parameters to prepared statements don't need to be quoted; the driver handles it for you. Is that truly all I need to do to avoid SQL injections?

2018-05-29 21:50:18

PDO准备的语句是否足以防止SQL注入?

假设我有这样的代码: $dbh = new PDO("blahblah"); $stmt = $dbh->prepare('SELECT * FROM users where username = :username'); $stmt->execute( array(':username' => $_REQUEST['username']) ); PDO文件说: 准备报表的参数不需要引用; 司机为你处理它。 这是我真正需要做的,以避免SQL注入? 这真的很简单吗? 如果它有所作为,你可以假设MySQL。 另外,我真的只对使用SQL注入准备语句感到好奇。 在

2018-05-29 21:50:18

SQL injection that gets around mysql

Is there an SQL injection possibility even when using mysql_real_escape_string() function? Consider this sample situation. SQL is constructed in PHP like this: $login = mysql_real_escape_string(GetFromPost('login')); $password = mysql_real_escape_string(GetFromPost('password')); $sql = "SELECT * FROM table WHERE login='$login' AND password='$password'"; I have heard numerous people say to m

2018-05-29 21:49:15

SQL注入绕过MySQL

即使使用mysql_real_escape_string()函数,是否有SQL注入的可能性? 考虑这个示例情况。 SQL在PHP中是这样构造的: $login = mysql_real_escape_string(GetFromPost('login')); $password = mysql_real_escape_string(GetFromPost('password')); $sql = "SELECT * FROM table WHERE login='$login' AND password='$password'"; 我听到很多人都对我说,即使使用了mysql_real_escape_string()函数,这样的代码仍然很危险并且

2018-05-29 21:49:15

Is there a php library for email address validation?

I need to validate the email address of my users. Unfortunately, making a validator that comforms to standards is hard Here is an example of a regex expression that tries to comform to standard Are there any PHP library (preferably, open-source) that validates email address? Have you looked at PHP's filter_ functions? They're not perfect, but they do a fairly decent job in my expe

2018-05-29 21:37:45

有一个用于电子邮件地址验证的PHP库吗?

我需要验证我的用户的电子邮件地址。 不幸的是,制作符合标准的验证器非常困难 这是一个试图符合标准的正则表达式的例子 是否有任何PHP库(最好是开源的)验证电子邮件地址? 你看过PHP的filter_函数吗? 他们并不完美,但他们在我的经历中做了相当体面的工作。 用法示例(返回布尔值): filter_var($someEmail, FILTER_VALIDATE_EMAIL); AFAIK,验证电子邮件的唯一好方法是发送电子邮件,并查看用户是否使用此电

2018-05-29 21:37:45

Does PHP's filter

After reading various posts I decided not to use REGEX to check if an email is valid and simply use PHP's inbuilt filter_var function. It seemed to work ok, until it started telling me an email was invalid because I had a number in it. ie name@domain.com works, while name2@domain.com doesn't. Am I missing something or is the filter_var($email, FILTER_VALIDATE_EMAIL) really quite inef

2018-05-29 21:36:43

PHP的过滤器

阅读各种帖子后,我决定不使用REGEX来检查电子邮件是否有效,并简单地使用PHP的内置filter_var函数。 它似乎工作正常,直到它开始告诉我一封电子邮件是无效的,因为我有一个数字。 即name@domain.com工作,而name2@domain.com不工作。 我错过了什么,或者是filter_var($email, FILTER_VALIDATE_EMAIL)真的很无效吗? PHP 5.3.3过滤器代码中使用的正则表达式基于Michael Rushton关于电子邮件地址验证的博客。 它似乎适用

2018-05-29 21:36:42

how to convert HTML + CSS to PDF with PHP?

Ok, I'm now banging my head against a brick wall with this one. I have an HTML (not XHTML) document that renders fine in Firefox 3 and IE 7. It uses fairly basic CSS to style it and renders fine in HTML. I'm now after a way of converting it to PDF. I have tried: DOMPDF: It had huge problems with tables. I factored out my large nested tables and it helped (before it was just cons

2018-05-29 20:16:42

如何使用PHP将HTML + CSS转换为PDF?

好的,我现在正在用这个砖头撞墙。 我有一个在Firefox 3和IE 7中呈现良好的HTML(不是XHTML)文档。它使用相当基本的CSS来设计它,并且在HTML中渲染得很好。 我现在正在将它转换为PDF。 我努力了: DOMPDF: 它有很大的表格问题。 我分解了我的大型嵌套表,并且它有所帮助(在它耗尽高达128M的内存然后死亡之前 - 这是我在php.ini中对内存的限制),但是它使得表格变得非常混乱,似乎并没有得到图片。 表格只是一些基

2018-05-29 20:16:41

Update whole page on Ajax request

I have an AJAX request that can have two possible outcomes: The server responds with a message which I should place in a <div> The server responds with an HTML page, in this case I need to substitute current page with a new one and change the address (the client knows the address before a request). What would be the solution if I have the AJAX request that needs to handle both of thes

2018-05-29 15:10:22

在Ajax请求上更新整个页面

我有一个AJAX请求可以有两种可能的结果: 服务器响应一个消息,我应该把它放在一个<div> 服务器响应一个HTML页面,在这种情况下,我需要用新页面替换当前页面并更改地址(客户端在请求前知道地址)。 如果我有需要处理这两种情况的AJAX请求,那么解决方案是什么? url = "http://example.com" ajax.request(callback) function callback(response) { if (case2(response)) { history.pushState(

2018-05-29 15:10:21

PHP header(): 302 Moved Temporarily error

This question already has an answer here: How do I redirect to another webpage? 67 answers The response already redirects the AJAX request. It does not change the page the user is currently seeing in the browser. That's the way it is and you cannot change it from within PHP. The AJAX request was executed entirely in the background, that's the point of AJAX. Whatever response the

2018-05-29 15:09:20

PHP标头():302移动临时错误

这个问题在这里已经有了答案: 我如何重定向到另一个网页? 67个答案 该响应已重定向AJAX请求。 它不会更改用户当前在浏览器中看到的页面。 这就是它的样子,你不能在PHP中改变它。 AJAX请求完全在后台执行,这就是AJAX的要点。 无论服务器返回什么响应,都不会直接显着影响用户当前可以看到的网站上的任何内容。 你必须完全用Javascript处理响应。 如果你想根据失败的AJAX响应将用户重定向到另一个页面,则必须在Ja

2018-05-29 15:09:20

redirect to same page to anchor

Need make redirect from http://sitename.com/cat/index.php to http://sitename.com/cat/index.php#anchor I tried 2 ways: php redirect and meta refresh PHP redirect <?php $URL = "http://sitename.com/cat/index.php#anchor"; header("Location: $URL"); ?> <html> .... meta refresh <html> <head> ... <meta http-equiv="refresh" content="0;url=http://siten

2018-05-29 15:07:16

重定向到相同的页面来锚定

需要从http://sitename.com/cat/index.php重定向到http://sitename.com/cat/index.php#anchor 我尝试了2种方式:php重定向和元刷新 PHP重定向 <?php $URL = "http://sitename.com/cat/index.php#anchor"; header("Location: $URL"); ?> <html> .... 元刷新 <html> <head> ... <meta http-equiv="refresh" content="0;url=http://sitename.ru/cat/index.php#anchor">

2018-05-29 15:07:16