使用PHP PDO / MySQL连接数据库的安全方法?
[英]Safe way of connecting to database using PHP PDO/MySQL?
问题描述
I have currently created this code from various tutorials and the PHP Manual (changed personal settings to 123) 
我目前已通过各种教程和PHP手册(将个人设置更改为123)创建了此代码。
$username = "123";
$password = "123";
$host = "localhost";
$dbname = "123";
try {
$dbh = new PDO('mysql:host=localhost;dbname=123', $username, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected";
}
catch(PDOException $e) {
echo "I'm sorry Charlie, I'm afraid i cant do that.";
file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
$dbh = null;
}
I was just wondering if this is the best/safest way to connect to the database? 我只是想知道这是否是连接数据库的最佳/最安全方法? Other examples i have saw people have uses classes and private and public functions? 我看到的其他示例人们使用类以及私有和公共功能? I am new to PDO and my next steps are to insert, update, and delete data. 我是PDO的新手,我的下一步是插入,更新和删除数据。 I have built this before using mysql but thought it would be best to have a full understanding of PDO. 我已经在使用mysql之前构建了它,但是认为最好是对PDO有充分的了解。 Any hints, tips or advice would be great. 任何提示,技巧或建议都很好。 Thanks! 谢谢!
1 个解决方案
解决方案1
0 2012-08-09 16:00:50
This is safe but the main problems can occurs while inserting unquoted data (although PDO can be used to do it). 这是安全的,但是在插入未引用的数据时可能会出现主要问题(尽管可以使用PDO来完成)。
I suggest you to use another database layer (ORM) like Zend_Db or Doctrine , this will make your life really easier and your development safer since they handle some of the tough work for you. 我建议您使用另一个数据库层(ORM),例如Zend_Db或Doctrine ,这将使您的生活更加轻松,并且您的开发更安全,因为它们为您处理了一些艰巨的工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.