Keys of the "post" array (php, html, mysql, forms)

Keys of the "post" array: .
Can you post the full code here?
Thank you for explaining this principle to me. So this might be safer than standard mysql/php? But I still don't understand why executing the statement with the variables later is safer. I mean, it is still the same value from the form?
This is not safer than standard mysql/php - this is the standard, which is why I get angry when others teach concatenation. I'll add a short explanation to my answer...
<form action='' method='post'>
 <select name="myselectbox">
  <option name="myoption1" value="myoption1">myoption1</option>
  <option name="myoption2" value="myoption2">myoption2</option>
  <option name="myoption3" value="myoption3">myoption3</option>
  <option name="myoption4" value="myoption4">myoption4</option>
 </select>
<input type='submit' value='submit'/>
</form>
$sql = "INSERT INTO Entries (myoption1) VALUES ('$_POST[myselectbox]')";
// mysql_real_escape_string() escapes the value, but the escaped string still has to be
// quoted in the SQL, and the mysql_* extension is removed as of PHP 7 - prefer a prepared statement.
$value = mysql_real_escape_string($_POST['myselectbox']);
$sql = "INSERT INTO Entries (myoption1) VALUES ('$value')";
$sql = "INSERT INTO Entries (myoption1) VALUES (".$_POST['myselectbox'].")";
<form action='' method='post'>
<select name="myselectbox">
   <option name="myoption1" value="myoption1">myoption1</option>
   <option name="myoption2" value="myoption2">myoption2</option>
   <option name="myoption3" value="myoption3">myoption3</option>
   <option name="myoption4" value="myoption4">myoption4</option>
</select>
<input type='submit' value='submit'/>
</form>
if(!empty($_POST['myselectbox'])){
    /*.. do your query section... */
}
// Connect to mysql
$mysqli = new mysqli('where your server is', 'my_user', 'my_password', 'world');

// Build the initial statement - easier to read as you don't have your string concatenation here
$stmt = $mysqli->prepare( "INSERT INTO Entries (myoption1) VALUES (?)" );

// Tell mysql that the '?' should be replaced with the value in your post array
// (bind_param() takes the variable by reference, and the superglobal is $_POST, not $POST)
$stmt->bind_param( "s", $_POST['myselectbox'] );

// Execute the statement
$stmt->execute();
$sql = "INSERT INTO Entries (myoption1) VALUES ('". $_POST['myselectbox'] ."')";
INSERT INTO Entries (myoption1) VALUES ('myoption1');
INSERT INTO Entries (myoption1) VALUES (''='' OR '1'='1');
INSERT INTO Entries (myoption1) VALUES (''=''); DROP TABLE Entries WHERE (''='');
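As an added example (not code from the question or the answers above), here is a complete handler for the same form that applies the prepared-statement approach from the answer, with an allowlist check and error handling; the host name, the $allowed list and the storeSelection() function are assumptions for illustration.

```php
<?php
// Added example: a complete handler for the select-box form using a mysqli prepared statement.
// The host name, the $allowed list and storeSelection() are assumptions, not from the original page.

// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// The form only offers these four values, so anything else is a tampered request.
// This check does not replace the prepared statement; it just rejects unexpected input early.
$allowed = ['myoption1', 'myoption2', 'myoption3', 'myoption4'];

function storeSelection(mysqli $db, string $selection, array $allowed): int
{
    if (!in_array($selection, $allowed, true)) {
        throw new InvalidArgumentException('Unexpected form value');
    }

    // The SQL text sent to the server contains only the '?' placeholder. The value travels
    // separately, after the statement has already been parsed, so a submitted string such as
    // ''='' OR '1'='1' can never change the query's structure: it would be stored as exactly
    // that literal text (and here it is rejected by the allowlist before reaching the database).
    $stmt = $db->prepare('INSERT INTO Entries (myoption1) VALUES (?)');
    $stmt->bind_param('s', $selection);   // 's' = bind the variable as a string
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

if (!empty($_POST['myselectbox'])) {
    try {
        // Placeholder host; replace with your own connection details.
        $mysqli = new mysqli('db.example.invalid', 'my_user', 'my_password', 'world');
        $inserted = storeSelection($mysqli, (string) $_POST['myselectbox'], $allowed);
        $mysqli->close();
        echo "Inserted $inserted row(s)";
    } catch (mysqli_sql_exception $e) {
        // Log the real error server-side; never echo $e->getMessage() to the browser.
        error_log('Insert failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Could not save your selection';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Invalid selection';
    }
}
```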