[英]Is this secure enough?
I'm new with PDO, and I just wanted to know if this code: 我是PDO的新手,我只是想知道这段代码:
$string = $_POST['string'];
$matches = $SQL->prepare("SELECT * FROM `users` WHERE `name` LIKE ?");
$matches->execute(array('%'.$string.'%'));
foreach($matches->fetchAll() as $match) {
echo $match["name"]."<br/>";
}
Is secure enough? 足够安全吗? I just wan't to be sure and prevent from hacking.
我只是不确定并防止黑客入侵。 This code will withdraw all
users
from the database with name like in the $string
variable. 此代码将从数据库中撤消所有
users
,其名称类似于$string
变量。
Feel free to post your solutions also! 随意发布您的解决方案!
在执行查询之前,PDO将自动转义为其提供的任何输入,因此就SQL注入攻击而言,它是安全的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.