清理所有用户';PHP在PostgreSQL中的输入
这个问题的基础是 使用pg_prepare时是否需要明确消毒? 我觉得pg_prepare会自动清理用户的输入,这样我们就不需要这样做了清理所有用户';PHP在PostgreSQL中的输入,php,postgresql,sanitize,Php,Postgresql,Sanitize,这个问题的基础是 使用pg_prepare时是否需要明确消毒? 我觉得pg_prepare会自动清理用户的输入,这样我们就不需要这样做了 $question_id = filter_input(INPUT_GET, 'questions', FILTER_SANITIZE_NUMBER_INT); 我使用Postgres的上下文 $result = pg_prepare($dbconn, "query9", "SELECT title, answer FROM answers
$question_id = filter_input(INPUT_GET, 'questions', FILTER_SANITIZE_NUMBER_INT);
$result = pg_prepare($dbconn, "query9", "SELECT title, answer
FROM answers
WHERE questions_question_id = $1;");
$result = pg_execute($dbconn, "query9", array($_GET['question_id']));
pg_preparefilter\u input()函数与postgres有什么关系……或者我遗漏了什么?
<?php
// Connect to a database named "mary"
$dbconn = pg_connect("dbname=mary");
// Prepare a query for execution
$result = pg_prepare($dbconn, "my_query", 'SELECT * FROM shops WHERE name = $1');
// Execute the prepared query. Note that it is not necessary to escape
// the string "Joe's Widgets" in any way
$result = pg_execute($dbconn, "my_query", array("Joe's Widgets"));
// Execute the same prepared query, this time with a different parameter
$result = pg_execute($dbconn, "my_query", array("Clothes Clothes Clothes"));
?>