Source code for preventing SQL injection with mysqli and PDO
1. Preventing injection with mysqli
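<?php
// Configuration
$config = [
    // Host address
    "host" => "127.0.0.1",
    // Database name
    "dbname" => "xxxx",
    // User name
    "user" => "xxxx",
    // Password
    "pass" => "xxx"
];
// Connect to the database
$link = mysqli_connect($config["host"], $config["user"], $config["pass"], $config["dbname"]);
// Get the user id. intval() can also be used to prevent injection: $user_id = intval($_GET["id"]);
$user_id = $_GET["id"] ?? "";
$user_name = $_GET["name"] ?? "";
// Write the SQL statement, with ? placeholders instead of the values
$sql = "select * from p_users where user_id=? and user_name=?";
echo "<br>";
var_dump($sql); // var_dump() prints directly and returns nothing
// Prepare the statement
$stmt = mysqli_prepare($link, $sql);
// Bind the parameters: "ss" means the first parameter is a string and the second is also a string
mysqli_stmt_bind_param($stmt, "ss", $user_id, $user_name);
// Execute
mysqli_stmt_execute($stmt);
// Get the result
$res = mysqli_stmt_get_result($stmt);
// Convert the result to a two-dimensional array
$res = mysqli_fetch_all($res, MYSQLI_ASSOC);
echo "<pre>";
// Escape the dump so stored values are not rendered as HTML
echo htmlspecialchars(print_r($res, true));
echo "</pre>";

2. Preventing injection with PDO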
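<?php
// Configuration
$config = [
    // Host address
    "host" => "127.0.0.1",
    // Database name
    "dbname" => "xxx",
    // User name
    "user" => "xxx",
    // Password
    "pass" => "xxx"
];
// Connect to the database
$dbh = new PDO(
    "mysql:host={$config['host']};dbname={$config['dbname']}",
    $config['user'],
    $config['pass'],
    // Use server-side prepared statements; the MySQL driver emulates them by default
    [PDO::ATTR_EMULATE_PREPARES => false]
);
// Get the user id. intval() can also be used to prevent injection: $user_id = intval($_GET["id"]);
$user_id = $_GET["id"] ?? "";
$user_name = $_GET["name"] ?? "";
// Write the SQL statement, with named placeholders instead of the values
$sql = "select * from p_users where user_id=:id and user_name=:name";
echo "<br>";
var_dump($sql); // var_dump() prints directly and returns nothing
// Prepare the statement
$stmt = $dbh->prepare($sql);
// Bind the parameters
$stmt->bindParam(":id", $user_id);
$stmt->bindParam(":name", $user_name);
// Execute
$stmt->execute();
// Convert the result to a two-dimensional array
$res = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "<pre>";
// Escape the dump so stored values are not rendered as HTML
echo htmlspecialchars(print_r($res, true));
echo "</pre>";

A commonly used injection input: or 1=1--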
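The effect of the `or 1=1--` input on a concatenated query compared with the bound query above, as an added example that is not part of the original article. It assumes the pdo_sqlite extension is available and uses a constructed in-memory SQLite table in place of the MySQL p_users table; the helper names find_concat and find_bound are hypothetical.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for p_users.
$dbh = new PDO("sqlite::memory:");
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("create table p_users (user_id integer, user_name text)");
$dbh->exec("insert into p_users values (1, 'alice'), (2, 'bob')");

// Before: request values pasted into the SQL text (hypothetical helper).
function find_concat(PDO $dbh, string $id, string $name): array
{
    $sql = "select * from p_users where user_id=$id and user_name='$name'";
    return $dbh->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the article's prepared statement; values travel as bound data.
function find_bound(PDO $dbh, string $id, string $name): array
{
    $sql = "select * from p_users where user_id=:id and user_name=:name";
    $stmt = $dbh->prepare($sql);
    $stmt->bindValue(":id", $id);
    $stmt->bindValue(":name", $name);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: what $_GET["id"] and $_GET["name"] would hold.
$cases = [
    "legitimate" => ["1", "alice"],
    "or 1=1--"   => ["1 or 1=1--", "nobody"],
];

// Row counts per query style, plus what intval() makes of the same id.
foreach ($cases as $label => [$id, $name]) {
    printf(
        "%-12s concatenated: %d row(s), bound: %d row(s), intval(id) = %d\n",
        $label,
        count(find_concat($dbh, $id, $name)),
        count(find_bound($dbh, $id, $name)),
        intval($id)
    );
}
```

SQLite treats `--` as the start of a comment; MySQL only does so when the two dashes are followed by whitespace. The intval() column shows that the cast silently reduces the input to its leading integer rather than rejecting it.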