I have made a form that accepts a query and executes it through PHP. I would like to apply a check on the input so that only SELECT statements are allowed for queries. How can I achieve that?
The best way, if you have access to your database server and can create a new user, is to create a user with only the SELECT privilege, then assign that user to your PHP web application.
http://dev.mysql.com/doc/refman/5.1/en/grant.html#grant-privileges
Regex is fine, but it's a bit of a risky method to filter it out that way; you'll never know how creative your user can be :)
To be safe, you can create a MySQL user and grant that user only the SELECT privilege.
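The SELECT-only account both answers recommend, as an added example that is not part of the original posts. The schema `appdb`, table `orders`, account `report_ro`, host and password are placeholder assumptions:

```sql
-- Run as an administrative account.
-- Dedicated account for the query form (name, host, password are placeholders).
CREATE USER 'report_ro'@'localhost' IDENTIFIED BY 'CHANGE_ME_long_random_password';

-- Grant SELECT only, scoped to the one schema the form should read,
-- rather than ON *.* which would also expose every other schema.
GRANT SELECT ON appdb.* TO 'report_ro'@'localhost';

-- Check the result: confirm no privilege other than SELECT on appdb.* is listed.
SHOW GRANTS FOR 'report_ro'@'localhost';

-- The statements below are run while connected as report_ro
-- (the credentials the PHP form uses), to confirm the restriction holds.

-- Reads succeed.
SELECT COUNT(*) FROM appdb.orders;

-- Writes and DDL are refused by the server with a privilege error,
-- regardless of how the submitted text is phrased or obfuscated.
UPDATE appdb.orders SET status = 'x' WHERE id = 1;
DROP TABLE appdb.orders;

-- FILE is a separate global privilege and was not granted,
-- so writing query results to the server's filesystem is refused as well.
SELECT * FROM appdb.orders INTO OUTFILE '/tmp/orders.csv';
```

Because the server enforces the privilege check, it holds even if an input filter in the PHP code is bypassed; the account can still read everything in `appdb`, so grant SELECT on individual tables instead if some of them are sensitive.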