Php 通过$\u Get防止SQL注入
我在我的网站上有一个代码,它调用特定行的pin,然后从该行回显数据。我需要知道如何使用代码防止SQL注入 这是:Php 通过$\u Get防止SQL注入,php,mysql,get,echo,code-injection,Php,Mysql,Get,Echo,Code Injection,我在我的网站上有一个代码,它调用特定行的pin,然后从该行回显数据。我需要知道如何使用代码防止SQL注入 这是: <?php if (isset($_GET['pin'])) { $con=mysqli_connect("server.com","username","password","database"); if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_er
<?php
if (isset($_GET['pin']))
{
$con=mysqli_connect("server.com","username","password","database");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM beta WHERE pin = " . $_GET['pin']);
while($row = mysqli_fetch_array($result))
{
echo "<table width='600px'><td width='200px'><font face='arial' size='2px'>" . $row['name_pin'] . " " . $row['pin'] . "</font></td><td width='200px'><font face='arial' size='2px'>" . $row['name_info'] . "" . $row['info'] . "</font></td><td width='200px'><font face='arial' size='2px'>" . $row['name_stat'] . " " . $row['stat'] . "</font></td></table>";
echo "<br>";
}
mysqli_close($con);
}
?>
提前谢谢你的帮助!备注:信息越多越好。
参数化了该值
$pin = $_GET['pin'];
$stmt = $dbConnection->prepare('SELECT * FROM beta WHERE pin = ?');
$stmt->bind_param('s', $pin);
$stmt->execute();
您是否查看了右侧列出的任何相关问题?
<?php
if (isset($_GET['pin'])){
$con=mysqli_connect("server.com","username","password","database");
$pin= mysqli_real_escape_string($con, $_GET['pin']);
//rest of code,