[英]Is this part of the script is safe from sql injection?
Is this part of the script is safe from sql injections? 脚本的这一部分对SQL注入安全吗? Because i used this
因为我用这个
foreach(array_keys($_POST) as $key)
{
$clean[$key] = mysql_real_escape_string(trim($_POST[$key]));
}
the guide of web said it should work more effectively and faster. 网络指南说,它应该更有效,更快地工作。
<?
session_start();
include("db.php");
if(empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']){
exit("Error!");
}
unset($_SESSION['token']);
foreach(array_keys($_POST) as $key)
{
$clean[$key] = mysql_real_escape_string(trim($_POST[$key]));
}
$name=$clean['name'];
$country=$clean['country'];
$ip=$clean['ip'];
$map=$clean['map'];
Thanks for any help. 谢谢你的帮助。
Yes, this is save in case you put it in quotes (in mysql query).. However, I'd change foreach to 是的,如果您将其放在引号中(在mysql查询中),则可以节省此时间。但是,我会将foreach更改为
foreach($_POST as $key => $value)
{
$clean[$key] = mysql_real_escape_string(trim($value));
}
如果要轻松防止SQL注入并养成良好的习惯,则应使用PDO或mysqli检查参数化查询 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.