Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

security - PHP protection of GET parameters

OK consider this url:

example.com/single.php?id=21424

It's pretty obvious to you and i that the PHP is going to take the id and run it through a mysql query to retrieve 1 record to display it on the page.

Is there anyway some malicious hacker could mess this url up and pose a security threat to my application/mysql DB?

Thanks

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Of course, never ever ever consider a user entry (_GET, _POST, _COOKIE, etc) as safe.

Use mysql_real_escape_string php function to sanitize your variables: http://php.net/manual/en/function.mysql-real-escape-string.php

About SQL injections : http://en.wikipedia.org/wiki/SQL_injection


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...