security - PHP protection of GET parameters

Question

Ask a Question

Welcome To Ask or Share your Answers For Others

security - PHP protection of GET parameters

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

OK consider this url:

example.com/single.php?id=21424

It's pretty obvious to you and i that the PHP is going to take the id and run it through a mysql query to retrieve 1 record to display it on the page.

Is there anyway some malicious hacker could mess this url up and pose a security threat to my application/mysql DB?

Thanks

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1.1k views

1 Answer

深蓝 · Answer 1 · 2021-10-23T18:40:18+0000

Of course, never ever ever consider a user entry (_GET, _POST, _COOKIE, etc) as safe.

Use mysql_real_escape_string php function to sanitize your variables: http://php.net/manual/en/function.mysql-real-escape-string.php

About SQL injections : http://en.wikipedia.org/wiki/SQL_injection

Categories

security - PHP protection of GET parameters

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags