PHP中该怎样防止SQL注入
展开全部
这里聊这么大的话题没时间了?建议你用mysqli
防SQL注入(? 占位) ,后期传的值不会当成SQL语句
<?php
$mysqli=new mysqli("localhost", "root", "123456", "xsphpdb");
$stmt=$mysqli->prepare("select id, name, price, num, desn from shops where id>?");
$stmt->bind_param("i", $id);
$stmt->bind_result($id, $name, $price, $num, $desn);
$id=99;
$stmt->execute();
$stmt->store_result(); //一次性将结果都取过来 重要
//字段信息
$result=$stmt->result_metadata();
while($field=$result->fetch_field()){
echo $field->name."--";
}
echo '<br>';
//记录信息
//$stmt->data_seek(2);
while($stmt->fetch()){
echo "$id--$name---$price---$num---$desn <br>";
}
echo "记录总数:".$stmt->num_rows;
$stmt->free_result();
$stmt->close();
?>
防SQL注入(? 占位) ,后期传的值不会当成SQL语句
<?php
$mysqli=new mysqli("localhost", "root", "123456", "xsphpdb");
$stmt=$mysqli->prepare("select id, name, price, num, desn from shops where id>?");
$stmt->bind_param("i", $id);
$stmt->bind_result($id, $name, $price, $num, $desn);
$id=99;
$stmt->execute();
$stmt->store_result(); //一次性将结果都取过来 重要
//字段信息
$result=$stmt->result_metadata();
while($field=$result->fetch_field()){
echo $field->name."--";
}
echo '<br>';
//记录信息
//$stmt->data_seek(2);
while($stmt->fetch()){
echo "$id--$name---$price---$num---$desn <br>";
}
echo "记录总数:".$stmt->num_rows;
$stmt->free_result();
$stmt->close();
?>
本回答由提问者推荐
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
