防止SQL注入-使用sqlmap测试
[英]Protect against SQL Injection - test with sqlmap
问题描述
i wish to know if i need protection against sql injection only in the case of the inserts i write, or if it is needed to use prepared statements for all the queries. 
我想知道是否仅在插入的情况下是否需要防止sql注入,或者是否需要对所有查询使用准备好的语句。 How do i test it with sqlmap? 如何使用sqlmap测试? (localhost) (本地主机)
1 个解决方案
解决方案1
0 2017-06-17 18:40:25
Use Prepared statements below is an example 以下是使用预准备语句的示例
$name = $_GET['username'];
if ($stmt = $mysqli->prepare("SELECT password FROM tbl_users WHERE name=?")) { 如果($ stmt = $ mysqli-> prepare(“从tbl_users的WHERE名称=?中选择密码”)){
// Bind a variable to the parameter as a string.
$stmt->bind_param("s", $name);
// Execute the statement.
$stmt->execute();
// Get the variables from the query.
$stmt->bind_result($pass);
// Fetch the data.
$stmt->fetch();
// Display the data.
printf("Password for user %s is %s\n", $name, $pass);
// Close the prepared statement.
$stmt->close();
} }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
防止SQL注入 - Protect against SQL injection
这个PHP函数是否可以防止SQL注入? - Does this PHP function protect against SQL injection?
加密是否可以防止sql注入? - Does encryption protect against sql injection?
保护 Oracle 数据库免受 SQL 注入 - Protect Oracle database against SQL Injection
sprintf() 如何防止 SQL 注入? - How does sprintf() protect against SQL injection?
通过sqlmap验证sql注入 - verify sql injection through sqlmap
如何保护变量表名称以防PHP中的SQL注入 - How to protect variable table names against SQL injection in PHP
防止GET参数注入 - Protect against GET parameter injection
这样可以防止注入攻击吗? - Does this protect against injection attacks?
如何防止LDAP注入 - how to protect against LDAP Injection
相关标签