於是,我就開始使用的mysqli以提高安全性,這是我的時刻:一個 文件conectar.php安全性的mysqli
<?php
$DBServer = 'X'; // ip o lo que sea
$DBUser = 'X';
$DBPass = 'X';
$DBName = 'X';
$conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName);
if ($conn->connect_error) {
trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
}
?>
然後它具有以下代碼的PHP文件:
include("admin/conectar.php");
$categoria = $_GET['categoria'];
if($categoria){
$query_p = $conn->query("SELECT * FROM `productos` WHERE `categoria` = '$categoria' ORDER BY nombre ASC");
while($result_p = $query_p->fetch_object()){
$nombre = $result_p->nombre;
$referencia = $result_p->referencia;;
$descripcion = $result_p->descripcion;
$imagen = $result_p->imagen;
我應該怎麼做才能防止黑客攻擊或SQL注入?我應該設置一個數組,以便只接受$ categoria的某些值嗎? 謝謝!
參考這個問題的答案:http://stackoverflow.com/questions/60174/how-to-prevent-sql -injection-in-php –