当前位置: 首页 » php

Is this a secure method to insert form data into a MySQL database?

Possible Duplicate: Best way to stop SQL Injection in PHP This is the example on w3schools.org: HTML form: <html> <body> <form action="insert.php" method="post"> Firstname: <input type="text" name="firstname" /> Lastname: <input type="text" name="lastname" /> Age: <input type="text" name="age" /> <input type="submit" /> </form> </body>

2018-06-05 06:04:36

这是一种将表单数据插入MySQL数据库的安全方法吗?

可能重复: 在PHP中停止SQL注入的最佳方法 这是w3schools.org上的示例: HTML表单: <html> <body> <form action="insert.php" method="post"> Firstname: <input type="text" name="firstname" /> Lastname: <input type="text" name="lastname" /> Age: <input type="text" name="age" /> <input type="submit" /> </form> </body> </html> insert.php

2018-06-05 06:04:36

PHP MySQLI Prevent SQL Injection

This question already has an answer here: How can I prevent SQL injection in PHP? 28 answers Any query can be injected whether it's read or write, persistent or transient. Injections can be performed by ending one query and running a separate one (possible with mysqli ), which renders the intended query irrelevant. Any input to a query from an external source whether it is from users

2018-06-05 06:03:34

PHP的MySQLI防止SQL注入

这个问题在这里已经有了答案: 我如何防止PHP中的SQL注入? 28个答案 任何查询都可以注入,无论是读取还是写入,持久还是瞬态。 注入可以通过结束一个查询并运行一个单独的(可能与mysqli )来执行,这使得预期的查询不相关。 对来自外部源的查询的任何输入(无论是来自用户还是来自内部的输入)都应被视为查询的参数,以及查询上下文中的参数。 查询中的任何参数都需要参数化。 这导致了一个正确的参数化查询,您可以

2018-06-05 06:03:34

real escape string and PDO

This question already has an answer here: How can I prevent SQL injection in PHP? 28 answers You should use PDO Prepare From the link: Calling PDO::prepare() and PDOStatement::execute() for statements that will be issued multiple times with different parameter values optimizes the performance of your application by allowing the driver to negotiate client and/or server side caching of the

2018-06-05 06:02:32

真正的转义字符串和PDO

这个问题在这里已经有了答案: 我如何防止PHP中的SQL注入? 28个答案 您应该使用PDO准备 从链接: 对于将使用不同参数值多次发布的语句,调用PDO :: prepare()和PDOStatement :: execute()可以通过允许驱动程序协商查询计划的客户端和/或服务器端缓存来优化应用程序的性能,元信息,并且通过不需要手动引用参数来帮助防止SQL注入攻击 。 PDO提供了一种设计替代mysql_escape_string()与PDO :: quote()方法的替

2018-06-05 06:02:32

How to deal with Apostrophe while writing into Mysql database

This question already has an answer here: How can I prevent SQL injection in PHP? 28 answers The process of encoding data which contains characters MySQL might interpret is called "escaping". You must escape your strings with mysql_real_escape_string , which is a PHP function, not a MySQL function, meaning you have to run it in PHP before you pass your query to the database. You

2018-06-05 06:01:30

在写入Mysql数据库时如何处理撇号

这个问题在这里已经有了答案: 我如何防止PHP中的SQL注入? 28个答案 编码包含字符MySQL的数据的过程可能被解释为“转义”。 您必须使用mysql_real_escape_string (它是一个PHP函数,而不是MySQL函数)来逃避您的字符串,这意味着在将查询传递给数据库之前,必须先用PHP运行它。 您必须转义来自外部来源的任何数据。 任何未被转义的数据都是潜在的SQL注入。 在构建查询之前,必须先转义数据。 此外,您可以使用PHP的循

2018-06-05 06:01:30

Escaping single quote in PHP when inserting into MySQL

This question already has an answer here: How can I prevent SQL injection in PHP? 28 answers You should be escaping each of these strings (in both snippets) with mysql_real_escape_string() . http://us3.php.net/mysql-real-escape-string The reason your two queries are behaving differently is likely because you have magic_quotes_gpc turned on (which you should know is a bad idea). This mea

2018-06-05 06:00:28

在插入MySQL时转义PHP中的单引号

这个问题在这里已经有了答案: 我如何防止PHP中的SQL注入? 28个答案 你应该用mysql_real_escape_string()来转义每个字符串(在这两个片段中mysql_real_escape_string() 。 http://us3.php.net/mysql-real-escape-string 你的两个查询行为不同的原因可能是因为你开启了magic_quotes_gpc (你应该知道这是一个坏主意)。 这意味着从$ _GET,$ _POST和$ _COOKIES收集到的字符串会被转义(即"O'Brien" ->

2018-06-05 06:00:28

Exploitable PHP functions

I'm trying to build a list of functions that can be used for arbitrary code execution. The purpose isn't to list functions that should be blacklisted or otherwise disallowed. Rather, I'd like to have a grep -able list of red-flag keywords handy when searching a compromised server for back-doors. The idea is that if you want to build a multi-purpose malicious PHP script -- such as

2018-06-05 05:44:59

可开发的PHP函数

我试图建立一个可用于任意代码执行的函数列表。 目的不是要列出应被列入黑名单或不允许的功能。 相反,我希望在搜索受感染服务器的后门时方便地使用grep -able的红旗关键字列表。 这个想法是,如果你想构建一个多用途的恶意PHP脚本 - 比如像c99或r57这样的“web shell”脚本 - 你将不得不使用一个或多个相对较小的一组函数在文件的某处,以便允许用户执行任意代码。 搜索这些函数可以帮助您更快速地将数以万计的PHP文件的大堆

2018-06-05 05:44:58

Where to use mysql

I'm in trouble with a group of hackers. they hacked my client's site few times, and my client gets more angry :( my client lost his database (which has hundreds records), and had to enter all :( now I'm following some more introductions; fixed file permissions changed ftp and host login info cleared all remote mysql accesses now working on SQL Injection issue. I added mysq

2018-06-05 05:42:54

在哪里使用mysql

我遇到了一群黑客的麻烦。 他们侵入了我客户的网站几次,而我的客户变得更加生气:(我的客户失去了他的数据库(有数百条记录),并且必须输入全部:( 现在我正在进行更多的介绍。 固定的文件权限 更改了ftp和主机登录信息 清除所有远程mysql访问 现在正在处理SQL注入问题。 我将mysql_real_escape_string添加到管理面板登录参数。 那么我应该在哪里使用这个mysql_real_escape_string? 我在网站上有几个电子邮件表单

2018-06-05 05:42:54

Using regex for simple email validation

Possible Duplicates: What is the best regular expression for validating email addresses? Is there a php library for email address validation? On my register form a user will add his email and then get an email to verify his account. However I want to have a simple email validation and I would like to know if the following is appropriate. <?php $email = "someone@example.com"; if(eregi(

2018-06-05 04:40:56

使用正则表达式进行简单电子邮件验证

可能重复: 验证电子邮件地址的最佳正则表达式是什么? 有一个用于电子邮件地址验证的PHP库吗? 在我的注册表格中,用户将添加他的电子邮件,然后通过电子邮件验证他的帐户。 然而,我想要一个简单的电子邮件验证,我想知道以下是否合适。 <?php $email = "someone@example.com"; if(eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email)) { echo "Valid email address."; } el

2018-06-05 04:40:56

PHP email validation

This question already has an answer here: How to validate an email address using a regular expression? 74 answers I suggest you use the FILTER_VALIDATE_EMAIL filter: if (filter_var($email, FILTER_VALIDATE_EMAIL)) { //valid } You can also use its regular expression directly: "/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\

2018-06-05 04:36:49

PHP电子邮件验证

这个问题在这里已经有了答案: 如何使用正则表达式验证电子邮件地址? 74个答案 我建议你使用FILTER_VALIDATE_EMAIL过滤器: if (filter_var($email, FILTER_VALIDATE_EMAIL)) { //valid } 你也可以直接使用它的正则表达式: "/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-

2018-06-05 04:36:48

var($email, FILTER

I am validating email using- filter_var($email, FILTER_VALIDATE_EMAIL). I want to echo a statement saying 'invalid email' if the above function returns false. However irrespective of if-statement 'invalid email' echoed on the screen from the beginning of time when page loads. Help. This is my code: <?php $emailErr = ""; ?> <form method="post" action="<?php echo h

2018-06-05 04:29:23

var($ email,FILTER

我使用filter_var($ email,FILTER_VALIDATE_EMAIL)验证电子邮件。 如果上述函数返回false,我想回显一个声明'无效的电子邮件'。 然而,无论if语句中的“无效电子邮件”在页面加载时从屏幕回显。 帮帮我。 这是我的代码: <?php $emailErr = ""; ?> <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> <ul class="form-style-1"> <li> <label

2018-06-05 04:29:13