What are the best ways to prevent SQL injection in CodeIgniter?
I'm new to the CodeIgniter framework and I have written a few queries. My question is: what is the best way to make sure my queries are safe? Should I use mysql_real_escape_string, or are there better ways?

I use the following code for my insert:

    function createCustomer($data){
        $this->firstname = $data['firstname'];
        $this->lastname = $data['surname1'].' '.$data['surname2'];
        $this->address = $data['adres'];
        $this->zipcode = $data['zipcode'];
        $this->mail = $data['mail'];
        $this->phonenumber = $data['phonenumber'];
        $this->db->insert('Klant',$this);
        // Check if the change was successful
        return ($this->db->affected_rows() != 1) ? false : true;
    }

And the following code to retrieve data:

    function getUserByName($firstname, $lastname){
        $query = $this->db->get_where('Customer', array('firstname' => $firstname, 'lastname' => $lastname));
        return $query->result();
    }

What is the best way to prevent SQL injection? Any tips are welcome.

The best way is:

Open the file config.php, located in application/config, and set the following to TRUE. Change

    /*
    |--------------------------------------------------------------------------
    | Global XSS Filtering
    |--------------------------------------------------------------------------
    |
    | Determines whether the XSS filter is always active when GET, POST or
    | COOKIE data is encountered
    |
    */
    $config['global_xss_filtering'] = FALSE;

to

    /*
    |--------------------------------------------------------------------------
    | Global XSS Filtering
    |--------------------------------------------------------------------------
    |
    | Determines whether the XSS filter is always active when GET, POST or
    | COOKIE data is encountered
    |
    */
    $config['global_xss_filtering'] = TRUE;

You don't have to do anything else to prevent SQL injection and cross-site scripting.
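
An added example, not part of the original question or answer: the question's `insert()` and `get_where()` calls go through CodeIgniter's Query Builder, which escapes the values passed to it, and hand-written SQL gets the same protection from query bindings. It assumes CodeIgniter 3 with the database library loaded; `Customer_model`, `searchByZipcode()` and the use of the `Customer` table for every query are hypothetical.

```php
<?php
// Added example (not from the original post). Assumes CodeIgniter 3 with the
// database library loaded; Customer_model and searchByZipcode() are hypothetical.
class Customer_model extends CI_Model
{
    // Query Builder: insert() escapes every value in the array.
    // Passing an explicit array (instead of $this) sends only these columns.
    public function createCustomer(array $data)
    {
        $row = array(
            'firstname'   => $data['firstname'],
            'lastname'    => $data['surname1'] . ' ' . $data['surname2'],
            'address'     => $data['adres'],
            'zipcode'     => $data['zipcode'],
            'mail'        => $data['mail'],
            'phonenumber' => $data['phonenumber'],
        );
        $this->db->insert('Customer', $row);
        return $this->db->affected_rows() === 1;
    }

    // Query Builder: get_where() escapes the values in the condition array.
    public function getUserByName($firstname, $lastname)
    {
        $query = $this->db->get_where('Customer', array(
            'firstname' => $firstname,
            'lastname'  => $lastname,
        ));
        return $query->result();
    }

    // Hand-written SQL: bind values with ? placeholders instead of
    // concatenating them. Identifiers such as the ORDER BY column cannot
    // be bound, so the column is picked from a fixed list.
    public function searchByZipcode($zipcode, $sort = 'lastname')
    {
        $allowed = array('firstname', 'lastname', 'zipcode');
        if (!in_array($sort, $allowed, true)) {
            $sort = 'lastname';
        }
        $sql = "SELECT * FROM Customer WHERE zipcode = ? ORDER BY {$sort}";
        return $this->db->query($sql, array($zipcode))->result();
    }
}
```

The `global_xss_filtering` setting filters GET, POST and COOKIE input for XSS; the SQL escaping in these methods comes from the Query Builder and query bindings regardless of that setting.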