php methods to prevent SQL injection: 1. Use the mysql_real_escape_string method to escape special characters in the string used in SQL statements; 2. Turn on magic_quotes_gpc to prevent SQL injection; 3. Prevent SQL injection through custom functions .
Recommended: "PHP Video Tutorial"
PHP Mysql method to prevent SQL injection
This article introduces the method of preventing SQL injection in PHP Mysql:
Method 1:
mysql_real_escape_string -- Escape the string used in the SQL statement special characters, taking into account the current character set of the connection!
$sql = "select count(*) as ctr from users where username ='".mysql_real_escape_string($username)."' and password='". mysql_real_escape_string($pw)."' limit 1";
Method 2:
Open magic_quotes_gpc to prevent SQL injection. There is a setting in php.ini: magic_quotes_gpc = Off. This is turned off by default. If it is turned on, it will automatically convert user-submitted SQL queries, such as converting ' to \', etc., which plays a major role in preventing SQL injection.
If magic_quotes_gpc=Off, use the addslashes() function.
Method 3:
Custom function
/**
* 防止sql注入自定義方法一
* author: xiaochuan
* @param: mixed $value 參數(shù)值
*/
function check_param($value=null) {
# select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile
$str = 'select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile';
if(!$value) {
exit('沒有參數(shù)!');
}elseif(eregi($str, $value)) {
exit('參數(shù)非法!');
}
return true;
}
/**
* 防止sql注入自定義方法二
* author: xiaochuan
* @param: mixed $value 參數(shù)值
*/
function str_check( $value ) {
if(!get_magic_quotes_gpc()) {
// 進行過濾
$value = addslashes($value);
}
$value = str_replace("_", "\_", $value);
$value = str_replace("%", "\%", $value);
return $value;
}
/**
* 防止sql注入自定義方法三
* author: xiaochuan
* @param: mixed $value 參數(shù)值
*/
function post_check($value) {
if(!get_magic_quotes_gpc()) {
// 進行過濾
$value = addslashes($value);
}
$value = str_replace("_", "\_", $value);
$value = str_replace("%", "\%", $value);
$value = nl2br($value);
$value = htmlspecialchars($value);
return $value;
}The above is the details of how to prevent SQL injection in PHP Mysql
The above is the detailed content of PHP anti-sql injection method. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Beyond the LAMP Stack: PHP's Role in Modern Enterprise Architecture
Jul 27, 2025 am 04:31 AM
PHPisstillrelevantinmodernenterpriseenvironments.1.ModernPHP(7.xand8.x)offersperformancegains,stricttyping,JITcompilation,andmodernsyntax,makingitsuitableforlarge-scaleapplications.2.PHPintegrateseffectivelyinhybridarchitectures,servingasanAPIgateway
Object-Relational Mapping (ORM) Performance Tuning in PHP
Jul 29, 2025 am 05:00 AM
Avoid N 1 query problems, reduce the number of database queries by loading associated data in advance; 2. Select only the required fields to avoid loading complete entities to save memory and bandwidth; 3. Use cache strategies reasonably, such as Doctrine's secondary cache or Redis cache high-frequency query results; 4. Optimize the entity life cycle and call clear() regularly to free up memory to prevent memory overflow; 5. Ensure that the database index exists and analyze the generated SQL statements to avoid inefficient queries; 6. Disable automatic change tracking in scenarios where changes are not required, and use arrays or lightweight modes to improve performance. Correct use of ORM requires combining SQL monitoring, caching, batch processing and appropriate optimization to ensure application performance while maintaining development efficiency.
Building Resilient Microservices with PHP and RabbitMQ
Jul 27, 2025 am 04:32 AM
To build a flexible PHP microservice, you need to use RabbitMQ to achieve asynchronous communication, 1. Decouple the service through message queues to avoid cascade failures; 2. Configure persistent queues, persistent messages, release confirmation and manual ACK to ensure reliability; 3. Use exponential backoff retry, TTL and dead letter queue security processing failures; 4. Use tools such as supervisord to protect consumer processes and enable heartbeat mechanisms to ensure service health; and ultimately realize the ability of the system to continuously operate in failures.
Creating Production-Ready Docker Environments for PHP
Jul 27, 2025 am 04:32 AM
Using the correct PHP basic image and configuring a secure, performance-optimized Docker environment is the key to achieving production ready. 1. Select php:8.3-fpm-alpine as the basic image to reduce the attack surface and improve performance; 2. Disable dangerous functions through custom php.ini, turn off error display, and enable Opcache and JIT to enhance security and performance; 3. Use Nginx as the reverse proxy to restrict access to sensitive files and correctly forward PHP requests to PHP-FPM; 4. Use multi-stage optimization images to remove development dependencies, and set up non-root users to run containers; 5. Optional Supervisord to manage multiple processes such as cron; 6. Verify that no sensitive information leakage before deployment
VSCode settings.json location
Aug 01, 2025 am 06:12 AM
The settings.json file is located in the user-level or workspace-level path and is used to customize VSCode settings. 1. User-level path: Windows is C:\Users\\AppData\Roaming\Code\User\settings.json, macOS is /Users//Library/ApplicationSupport/Code/User/settings.json, Linux is /home//.config/Code/User/settings.json; 2. Workspace-level path: .vscode/settings in the project root directory
A Deep Dive into PHP's Internal Garbage Collection Mechanism
Jul 28, 2025 am 04:44 AM
PHP's garbage collection mechanism is based on reference counting, but circular references need to be processed by a periodic circular garbage collector; 1. Reference count releases memory immediately when there is no reference to the variable; 2. Reference reference causes memory to be unable to be automatically released, and it depends on GC to detect and clean it; 3. GC is triggered when the "possible root" zval reaches the threshold or manually calls gc_collect_cycles(); 4. Long-term running PHP applications should monitor gc_status() and call gc_collect_cycles() in time to avoid memory leakage; 5. Best practices include avoiding circular references, using gc_disable() to optimize performance key areas, and dereference objects through the ORM's clear() method.
The Serverless Revolution: Deploying Scalable PHP Applications with Bref
Jul 28, 2025 am 04:39 AM
Bref enables PHP developers to build scalable, cost-effective applications without managing servers. 1.Bref brings PHP to AWSLambda by providing an optimized PHP runtime layer, supports PHP8.3 and other versions, and seamlessly integrates with frameworks such as Laravel and Symfony; 2. The deployment steps include: installing Bref using Composer, configuring serverless.yml to define functions and events, such as HTTP endpoints and Artisan commands; 3. Execute serverlessdeploy command to complete the deployment, automatically configure APIGateway and generate access URLs; 4. For Lambda restrictions, Bref provides solutions.
Building Immutable Objects in PHP with Readonly Properties
Jul 30, 2025 am 05:40 AM
ReadonlypropertiesinPHP8.2canonlybeassignedonceintheconstructororatdeclarationandcannotbemodifiedafterward,enforcingimmutabilityatthelanguagelevel.2.Toachievedeepimmutability,wrapmutabletypeslikearraysinArrayObjectorusecustomimmutablecollectionssucha
