
Preventing SQL Injection Attacks

Lin Canbin edited this page Mar 21, 2015 · 1 revision


#### Safe: use parameter binding

Pass the user-supplied value to the query separately from the SQL text. The driver then sends it as data, so it is only ever compared against the column and cannot change the structure of the statement. Note that binding covers values only: a table or column name, or the direction of an ORDER BY, cannot be passed as a parameter and has to be checked against a fixed list of allowed names instead.

Safe example:

```php
<?php
// $_GET['name'] is supplied as a bound parameter for the "?" placeholder,
// not spliced into the SQL string, so it cannot alter the WHERE clause.
$DB->query("SELECT * FROM fruit WHERE name=?", array($_GET['name']));
?>
```

#### Unsafe: concatenating the SQL string

Unsafe example:

```php
<?php
// Deliberately vulnerable: $_GET['name'] is pasted into the SQL text, so a
// request such as ?name=0 OR 1=1 rewrites the WHERE clause instead of
// supplying a value to compare. Wrapping the value in quotes does not fix
// this either, because an input containing a quote closes the literal.
$DB->query("SELECT * FROM fruit WHERE name=".$_GET['name']);
?>
```
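The two examples above, worked through end to end as an added example that is not code from the original page or from the project's `$DB` wrapper. It uses PHP's PDO against an in-memory SQLite table, with a constructed attacker input in place of `$_GET['name']`, and deliberately wraps the concatenated value in quotes to show that quoting alone does not prevent the injection.

```php
<?php
// Added example (not from the original wiki page). The table, its rows and
// the attacker input are constructed for illustration; PDO with in-memory
// SQLite is used so the script runs offline with no server to set up.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE fruit (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO fruit (name) VALUES ('apple'), ('pear'), ('durian')");

// Attacker-controlled value, as it might arrive in $_GET['name'].
// The leading quote closes the string literal in the concatenated query;
// the rest becomes an OR clause that is true for every row.
$attackerName = "' OR '1'='1";

// Unsafe: the input is part of the SQL text. The resulting statement is
//   SELECT name FROM fruit WHERE name='' OR '1'='1'
// which returns every row in the table.
function unsafeQuery(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM fruit WHERE name='" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the value is bound to a "?" placeholder. The statement text never
// changes, and the whole string "' OR '1'='1" is compared as data, so it
// matches no row.
function safeQuery(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare("SELECT name FROM fruit WHERE name=?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "Unsafe (concatenated) with attacker input:\n";
print_r(unsafeQuery($pdo, $attackerName));

echo "Safe (bound) with attacker input:\n";
print_r(safeQuery($pdo, $attackerName));

echo "Safe (bound) with a normal value:\n";
print_r(safeQuery($pdo, 'pear'));
```

Run it with `php injection_demo.php` (any PHP build with the pdo_sqlite extension). The concatenated query returns all three fruit names for the attacker input, while the bound query returns an empty array for the same input and exactly `pear` for a normal lookup. The page's `$DB->query($sql, array(...))` call follows the same pattern as `prepare` plus `execute` here: the placeholder stays in the SQL text and the value travels separately.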