在PHP-MySQL中绑定变量
[英]Bind variables in PHP-MySQL
问题描述
I am using below code to execute MySQL query in PHP . 
我正在使用以下代码在PHP执行MySQL查询。
$cus_id = '1';
$query = new QUERY();
$clause = "SELECT * FROM customers WHERE cus_id=:cus_id AND status='ACTIVE'";
$params = array('cus_id'=>$cus_id);
$result = $query->run($clause, $params)->fetchAll();
Now the question is: is it secure enough. 现在的问题是:它是否足够安全。 Or do I need to bind the static String as well? 还是我也需要绑定静态String? Something like: 就像是:
$clause = "SELECT * FROM customers WHERE cus_id=:cus_id AND status=:status";
$params = array('cus_id'=>$cus_id, 'status'=>'ACTIVE');
2 个解决方案
解决方案1
1 2015-10-26 14:25:25
It's secure because ACTIVE isn't user input. 这是安全的,因为ACTIVE不是用户输入。 So you don't need to bind it. 因此,您不需要绑定它。
解决方案2
1 2015-10-26 14:26:00
It's fine the way you have it. 拥有它的方式很好。 The value for status isn't being dynamically assembled and doesn't create any vulnerabilities. status的值不是动态组合的,不会创建任何漏洞。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
php-mysql交易 - Php-Mysql transactions
php-mysql 连接 - Php-mysql connectivity
PHP-Mysql错误,% - PHP-Mysql error with %
PHP-MySQL标记 - PHP-MySQL Tagging
POST 数据 PHP-MySql 到 HTML POST 到 PHP-MySql - POST Data PHP-MySql to HTML POST to PHP-MySql
php-mysql重复行 - Php-mysql duplicated rows
PHP-MySQL数据库连接 - PHP-MySQL Database Connection
PHP-MySql中的计数器错误 - Counter error in PHP-MySql
[PHP-MYSQL]查询报告 - [PHP-MYSQL]Query for Reporting
php-mysql中的代码实现 - Code implementation in php-mysql
相关标签