Is there any way to SQL inject in my code?

2018-07-03 13:02:21

This question already has an answer here:

SQL injection that gets around mysql_real_escape_string() 4 answers

How can I prevent SQL injection in PHP? 28 answers

Yes there is. You are solely relying on mysql_real_escape_string which has been deprecated. Furthermore you should build some of your own logic tests based on a range of input that you are expecting. You might want to use RegExp or some other trimming functions but don't rely just on mysql_real_escape_string .

You should write some logic to test the data you are expecting.

You can check out http://php.net/manual/en/security.database.sql-injection.php for more information on preventing SQL Injections.

链接地址: http://www.djcxy.com/p/93454.html

上一篇: string（）可以很好地防御SQL注入？

下一篇: 有没有办法在我的代码中注入SQL？