[英]Protect against SQL Injection - test with sqlmap
i wish to know if i need protection against sql injection only in the case of the inserts i write, or if it is needed to use prepared statements for all the queries. 我想知道是否仅在插入的情况下是否需要防止sql注入,或者是否需要对所有查询使用准备好的语句。 How do i test it with sqlmap?
如何使用sqlmap测试? (localhost)
(本地主机)
Use Prepared statements below is an example 以下是使用预准备语句的示例
$name = $_GET['username'];
if ($stmt = $mysqli->prepare("SELECT password FROM tbl_users WHERE name=?")) { 如果($ stmt = $ mysqli-> prepare(“从tbl_users的WHERE名称=?中选择密码”)){
// Bind a variable to the parameter as a string.
$stmt->bind_param("s", $name);
// Execute the statement.
$stmt->execute();
// Get the variables from the query.
$stmt->bind_result($pass);
// Fetch the data.
$stmt->fetch();
// Display the data.
printf("Password for user %s is %s\n", $name, $pass);
// Close the prepared statement.
$stmt->close();
} }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.