stackoom
  简体   繁体   中英

Allow only “Select” statement for queries executed through PHP

 原文  2012-03-22 09:49:43       php/ sql/ select

Question

I have made a form that accepts query and executes it through php. I would like to apply a check on the input that only select statement is allowed for queries. How can i achieve that ?

2 answers

solution1
 12 ACCPTED  2012-03-22 09:52:42

Best way is if you have access to your database server and can create a new user, create a user with only a SELECT privilege, then assign that user to your php web application.

http://dev.mysql.com/doc/refman/5.1/en/grant.html#grant-privileges

Regex is fine, but it's a bit of a risky method to filter it out that way, you'll never know how creative your user can be :)

solution2
 5  2012-03-22 09:54:41

为了安全起见,您可以创建一个MySQL用户并仅为该用户授予SELECT权限

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question php: 2 mysql queries but only 1 is executed Allow php file only to be executed when included by another PHP file PHP multiple MYSQL queries executed but only last one working SQL Queries - Insert Statement with Select (only using one column of select) MySQL SELECT Statement not working when executed from PHP Only the first IF statement out of 3 is executed within a PHP loop PHP sequence of executed queries in mysql Getting only the data from a select statement in PHP converting queries to if statement in php Only allow real visitors, and block custom “parsing” bots through PHP?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM