stackoom
  简体   繁体   中英

Is this secure enough?

 原文  2011-10-09 05:44:49       php/ security/ pdo

Question

I'm new with PDO, and I just wanted to know if this code: 

$string = $_POST['string'];
$matches = $SQL->prepare("SELECT * FROM `users` WHERE `name` LIKE ?");
$matches->execute(array('%'.$string.'%'));

foreach($matches->fetchAll() as $match) {
    echo $match["name"]."<br/>";
}

Is secure enough? I just wan't to be sure and prevent from hacking. This code will withdraw all users from the database with name like in the $string variable.

Feel free to post your solutions also!

1 answers

solution1
 4  2011-10-09 05:49:22

在执行查询之前,PDO将自动转义为其提供的任何输入,因此就SQL注入攻击而言,它是安全的。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is this login system secure enough? Is 'image' rule secure enough? Is this secure enough, for hashing Are these steps enough to secure a site? Is this user auth secure enough? php checking session secure enough? Is my PDO INSERT INTO enough secure? PHP password protection secure enough Working with Security and Sessions, is this secure enough? Is using one session secure enough?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM